Maintained by: NLnet Labs

[Unbound-users] Query over 'forward-addr' / 'forward-first'

W.C.A. Wijngaards
Wed Jul 18 13:01:46 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Karl,

On 07/14/2012 12:17 AM, Karl Pielorz wrote:
> 
> Hi All,
> 
> I've just started looking at Unbound, under FreeBSD 9, currently
> running unbound 1.4.17.
> 
> I have three 'local' nameservers on our LAN, and I've been using:
> 
> " forward-zone: name: "." forward-addr: 1.1.1.1 forward-addr:
> 2.2.2.2 forward-addr: 3.3.3.3 forward-first: yes "
> 
> [obviously 'example' IP's!]
> 
> This seems to work fine - i.e. under normal circumstances, queries
> are answered fine. If I deliberately "fail" 1.1.1.1 - queries are
> still answered, ditto if I fail 2.2.2.2 as well - they are all sent
> to 3.3.3.3 to be resolved, and the system can still resolve names.
> 
> In 1.4.17 how are forwarders selected? - From syslog/verbose
> logging - it appears it latches onto one, and stays with it (maybe
> the fastest responder?)

Unbound randomly picks one from the available list.  It uses RTT
banding (slow ones are not used, e.g. if it times out).

> Is there any way of seeing (e.g. from 'unbound-control
> dump_infra') which forwarders it considers 'available' or 'not
> available' / down?

Yes, dump_infra would do so, the IP addresses are listed, right?
Or, unbound-control lookup .

> Also, can someone clarify what 'forward-first' actually means? - In
> the man page it says:
> 
> "If  enabled,  a query is attempted without the forward clause if 
> it fails.  The default is no."
> 
> With this set to 'yes' - if I fail all the forwarders, nothing
> gets resolved (I was kind of expecting it to retry the query - with
> the roots? - i.e. no forwarders?) - or does this not apply if
> you're trying to forward "."?

It resolves the query with the roots.  But this may need a timeout of
several seconds before it does so.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQBpeaAAoJEJ9vHC1+BF+NcmYP/0hs/vd0Osi8lyCsnT0rqjHI
6zdgLYDP4iM6QTzwLYjdIEN/4xcSnyCG7xhfR48Ds2QxN/5OyGBQYP5J6oITWs3W
h/gWC5W3knexf4yiAk9HdY349y8bgNRDRYGGO654QJJ8FxvZU8PrIojlKK83d/eN
QdEKZ6MjMmuL+4kkzWoAcw9KGHeCqnUhZd0H371jBJJroi1QkqHnSGnw9nadc2Nm
uyYV6MGCkvPDZ1bYpXMiozVf7dYrvdoYGVRX2chQ0Je6XMpk1mUyAArVTSGsblWx
m1qNccooUpZMgbIbilJGS72olHrsP/PcMDl/ZKSDQydIr7VGTF5Sq5IZb8mcjkxF
fuCQKm4iKjgTNd9oiukKIk/c2uTybRZQ3MYGLzLd/TS3MlhY/IdgsujPh4Y3ZF/N
t5GrK63q1Q8amYqSJjq7PkzA5lCKWzOURAJv7yAtUE4hc1EGXx0LW+BipEUK9wMo
YZZN7jYBNKcYdvNCFF3MPXFngQrZD2lyZ5hjFc4ZOxh9BVH0szgKP6ShhQjzyHp7
LRziHulUAnTyUTV4DnrHJyKcVF/vO3a+KZn7gVjSDpEx3xQR7hG0TL0W9ioctmzg
9fEO2SjH8YiQ4oDq6CoGmUGTD7TitxcXhhPiQ16ALxeVaZIyEX1uokS2sL0KvRm8
3oBFhK8H9mCMA0ihTo3t
=XHz3
-----END PGP SIGNATURE-----