Maintained by: NLnet Labs

Unbound and intermittent network connectivity?

Robert Edmonds
Fri Dec 18 20:05:20 CET 2015


Hi,

I have a few recent bug reports from Debian users that Unbound stops
resolving after brief interruptions in network connectivity.  Especially
from users on laptops, which are typically not as well-connected as
servers or workstations with wired Ethernet connections.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791659

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808204

A few questions:

Is my guess that Unbound stores unreachability information for
particular nameservers in the "infra cache" correct?  Does this also
apply to forwarders?  Does that mean if a user is running Unbound in
forwarding mode and has a brief network outage, they have to wait until
an "infra-host-ttl" expiration (default 15 minutes) occurs before
resolution service works again?

Is the format of the "dump_infra" output documented anywhere?  I've
started reading source code to figure it out, but it would be nice to
have some "this is good" and "this is bad" examples.  E.g., at first
glance I misread "lame dnssec 0" to mean "this server is lame, and does
not support DNSSEC", which appears to be the opposite of what it means
:-)

Should distros be doing something on network change events to get
Unbound to purge unreachability information?  I think "flush_infra all"
would do it, but isn't this quite disruptive?  (Maybe unreachability
information could be cached with a different TTL than the other
attributes for entries in the infra cache?)

Should distros lower "infra-host-ttl" in general, or for laptop users in
particular?

How should we deal with brief interruptions in network connectivity past
the first hop (say, outage inside the ISP backbone) that don't trigger
events?

Thanks!

-- 
Robert Edmonds
edmonds at debian.org