Maintained by: NLnet Labs

[Unbound-users] Unbound 1.4.22 slow to recognize unresponsive stub addresses

John Sandowso
Sun Sep 14 01:36:14 CEST 2014


I think I am hitting the same problem reported back in
2012:http://www.unbound.net/pipermail/unbound-users/2012-July/002467.html
with
Unbound 1.4.22.

I thought it was a problem with the package from my Linux distribution, but
it actually was reproducable from the source code too. I started from an
fresh EC2 instance and did the steps below. I created two configurations:
one forwarding to 3 addresses, 2 of which were unresponsive (the
10.x.x.x.), and another stubbing to the same addresses. With the forward,
all lookup happened quickly and none failed. With the stub, the first few
timed out (30 sec). When I repeated the lookups, the first few timed out
again.

I included Unbound's log for the stub case in http://pastebin.com/Ww9ykJX2.
What I noticed is that the unresponsive addresses were attempted multiple
times consecutively. In the case of the forward, they were skipped immediately.

Is there a fix for this?


Thanks.





$ uname -a
Linux ip-10-186-41-5 3.10.42-52.145.amzn1.x86_64 #1 SMP Tue Jun 10 23:46:43
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

$ wget http://www.unbound.net/downloads/unbound-1.4.22.tar.gz

$ ./configure && make


$ cat withforward.conf
server:
    verbosity: 5
    num-threads: 1
    port: 5353
    chroot: ""
    username: ""
    directory: ""
    logfile: ""
forward-zone:
    name: "."
    forward-addr: 10.0.0.0
    forward-addr: 8.8.8.8
    forward-addr: 10.0.0.1
    forward-first: no

$ ./unbound -d -c ./withforward.conf 2>&1 |tee  withforward.out
$ for q in a.com b.com c.com d.com a.net b.net c.net d.net a.org b.org c.or=
gd.org; do dig @localhost -p 5353 +tries=3D1 +timeout=3D30 $q; done

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39478
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;a.com.                IN    A

;; AUTHORITY SECTION:
com.            53    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648363 1800 900 604800
86400

;; Query time: 2270 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:32 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50974
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;b.com.                IN    A

;; AUTHORITY SECTION:
com.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 793 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49364
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;c.com.                IN    A

;; AUTHORITY SECTION:
com.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 21 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26132
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;d.com.                IN    A

;; AUTHORITY SECTION:
com.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 21 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18046
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;a.net.                IN    A

;; AUTHORITY SECTION:
net.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 23 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;b.net.                IN    A

;; AUTHORITY SECTION:
net.            94    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648409 1800 900 604800
86400

;; Query time: 11 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36261
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;c.net.                IN    A

;; AUTHORITY SECTION:
net.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 27 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25756
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;d.net.                IN    A

;; AUTHORITY SECTION:
net.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410649206 1800 900 604800
86400

;; Query time: 21 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44249
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.org.                IN    A

;; ANSWER SECTION:a.org.            14370    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9125
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;b.org.                IN    A

;; ANSWER SECTION:b.org.            20794    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57775
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;c.org.                IN    A

;; ANSWER SECTION:c.org.            18013    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40011
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d.org.                IN    A

;; ANSWER SECTION:d.org.            20794    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 23:00:33 2014
;; MSG SIZE  rcvd: 39








$ cat withstub.conf
server:
    verbosity: 5
    num-threads: 1
    port: 5353
    chroot: ""
    username: ""
    directory: ""
    logfile: ""
stub-zone:
    name: "."
    stub-addr: 10.0.0.0
    stub-addr: 8.8.8.8
    stub-addr: 10.0.0.1
    stub-prime: no
    stub-first: no

$ ./unbound -d -c ./withstub.conf 2>&1 |tee  withstub.unbound.out
$ for q in a.com b.com c.com d.com a.net b.net c.net d.net a.org b.org c.or=
gd.org; do dig @localhost -p 5353 +tries=3D1 +timeout=3D30 $q; done

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14666
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;d.com.                IN    A

;; AUTHORITY SECTION:
com.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648512 1800 900 604800
86400

;; Query time: 82 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39496
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;a.net.                IN    A

;; AUTHORITY SECTION:
net.            795    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648409 1800 900 604800
86400

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49331
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;b.net.                IN    A

;; AUTHORITY SECTION:
net.            795    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648409 1800 900 604800
86400

;; Query time: 11 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24495
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;c.net.                IN    A

;; AUTHORITY SECTION:
net.            899    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648512 1800 900 604800
86400

;; Query time: 20 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49149
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;d.net.                IN    A

;; AUTHORITY SECTION:
net.            763    IN    SOA
a.gtld-servers.net.nstld.verisign-grs.com. 1410648378 1800 900 604800
86400

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 96


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 a.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55014
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.org.                IN    A

;; ANSWER SECTION:a.org.            15072    IN    A    50.63.46.1

;; Query time: 9 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 b.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43465
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;b.org.                IN    A

;; ANSWER SECTION:b.org.            21496    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 c.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18781
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;c.org.                IN    A

;; ANSWER SECTION:c.org.            17049    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 39


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.32.amzn1 <<>> @localhost -p 5353
+tries=3D1 +timeout=3D30 d.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39830
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d.org.                IN    A

;; ANSWER SECTION:d.org.            21273    IN    A    50.63.46.1

;; Query time: 10 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Sat Sep 13 22:48:51 2014
;; MSG SIZE  rcvd: 39
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140913/c781344d/attachment-0001.html>