Maintained by: NLnet Labs

[Unbound-users] No failover in stub-zone?

lst_hoe02 at kwsoft.de
Tue Jul 10 13:02:21 CEST 2012


Zitat von "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Andreas,
>
> On 07/09/2012 10:52 PM, lst_hoe02 at kwsoft.de wrote:
>> Hello
>>
>> we have on our border dns recursor (unbound 1.4.17) some
>> stub-zones mostly for PTR lookups for our internal AS112 addresses
>> like this:
>>
>> stub-zone: name: "10.in-addr.arpa" stub-addr:
>> <IP-first-internal-NS> stub-addr: <IP-second-internal-NS>
>
> unbound will divide the load amongst the addresses.
> It will randomise with RTT banding.
>
>> Today the first internal NS went down and most reverse lookups slow
>> to crawl. I expexted unbound would notice the failure and simply
>> only use the second after some time like it did with normal lookups
>> when skipping unavailable NS.
>>
>> Is this expected behaviour or have i done something wrong?
>
> The second server also fails?
>
> Unbound should try both servers (randomly if they are working, for 50%
> load on both of them).
>

No, the second was available, and yes it looks like Unbound was  
balancing because some lookups where fast and some timeout. As far as  
i know Unbound does skip unresponsive servers when doing "normal"  
lookups (no stub-zones) and i suspected Unbound doing the same for the  
stub-zone servers. Might this be possible as a feature in the future?  
I think the same rules should apply for stub-zones as for all lookups,  
no?

Regards

Andreas