Maintained by: NLnet Labs

[Unbound-users] Resolve failures when using forwarders that do recursion

Wouter Wijngaards
Fri Mar 7 11:59:25 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Andreas,

On 03/07/2014 11:44 AM, lst_hoe02 at kwsoft.de wrote:
> 
> Zitat von "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> Hi Florian,
>> 
>> I have implemented a completely different option, does that meet 
>> your needs?  It is called delay-close: msec.  If you set eg. 
>> delay-close: 1500, then when a UDP socket timeouts that port is 
>> kept open for 1500 msec afterwards.  Meanwhile unbound continues 
>> (but a socket is still in use) as normal.
>> 
>> Only the right ID, IPaddr is accepted on that port; bad packets 
>> are added to the unwanted_replies counter.  The right ID,IP also 
>> closes the port.
>> 
>> This keeps ports open for a little while longer, without 
>> impacting the rest of unbound.
>> 
>> Do you like this option, or do you (also-) want me to accept
>> your patch?
>> 
>> Best regards, Wouter
>> 
> 
> Hello,
> 
> will this be available in Unbound 1.4.22?? It also might solve our
>  problem with cascaded Unbound and slow host resolving like the 
> esta.cbp.dhs.gov.

Yes, the release candidate 1 is available right now.  I am hesitant to
say it may fix things for you.

Note in DoS conditions it stops doing this - preferring to
work on user queries.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTGaaNAAoJEJ9vHC1+BF+N0cAQAKwDWBwAZt+pexlW7bDOPVCY
iFIMjQq4XVAyGeaHQzycUskjuHPZbWLtuEVE4umLNZ8Q4/R44caD3/R0WBn8uaQa
2pqolO5X//u/74XfyzdsNtdRmycHXSnPYUPpY4xYJ3flM96N86z5pEztESmeVSKf
XSj7TxTEPNCfPPtKeg6kL0ymEp34brwgX5uyt59bxoR618bTznZD7qO7RmumUblH
yIQWFPJSQLtQu6c30h01rN74aYzfHVaeI/UkqbT5j0VMqMXcyuzKGSJaaiImpTlL
MvnWZn8IIgVY8YTQLWPqHthqQGBIQAFd9M/OIDBB5FQtMKa+ddCobwUJlXEqkUmK
P3fwiMrxVay6WA5cw4o67/EVw7c9zdG4o0erYzY99qBejEGquLDuIS888Ya9Ur82
L1mbGLaxVUHK34JwqVne7tAPLMOW2gjyM/LIl+GYQMXsV1b/UPMPOVxW3xpqW5Ut
pwpf/gyrDD0bFvasmWyEAw8AnDrycTyL/npkYbHawv8gQ15yS6ay7aR4jNxbr1c0
nWHVPsRp3hTexbuhWo+28We0zvLtUxHFpzEiQLb/jQMhzLDL37m6qUp4XLZQn1lK
Thy860xtMD/H4CC8euEt7J0XJ1gvuID0N8xEPdVRbgHDMH4W/mjgVtoSxrC/JBAN
Rsby8d0aM0K/wAzbhFDl
=Xn6J
-----END PGP SIGNATURE-----