Maintained by: NLnet Labs

[Unbound-users] forward zone order

Will Yardley
Thu Jan 8 22:30:12 CET 2015


To give a more specific example of the behavior I'm seeing, I'm seeing
certain queries fail completely when one of the two forwarders is not
responding.

Unbound is RHEL 6 version (1.4.22).

[in my config; note - unbound-control doesn't seem to list the port]
forward-zone:
        name: "sbl-xbl.spamhaus.org"
        forward-addr: 127.0.0.1@3768
        forward-addr: 131.215.239.55

# unbound-control  list_forwards | grep sbl-xbl
sbl-xbl.spamhaus.org. IN forward: 127.0.0.1 X.X.X.55

# dig -p3768 2.0.0.127.sbl-xbl.spamhaus.org 

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -p3768 2.0.0.127.sbl-xbl.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2338
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.127.sbl-xbl.spamhaus.org.	IN	A

;; ANSWER SECTION:
2.0.0.127.sbl-xbl.spamhaus.org.	60 IN	A	127.0.0.2
2.0.0.127.sbl-xbl.spamhaus.org.	60 IN	A	127.0.0.4

;; Query time: 0 msec
;; SERVER: 127.0.0.1#3768(127.0.0.1)
;; WHEN: Thu Jan  8 13:19:53 2015
;; MSG SIZE  rcvd: 80

# dig 2.0.0.127.sbl-xbl.spamhaus.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> 2.0.0.127.sbl-xbl.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31161
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.sbl-xbl.spamhaus.org.	IN	A

;; Query time: 286 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan  8 13:19:59 2015
;; MSG SIZE  rcvd: 48


# dig 2.0.0.127.sbl-xbl.spamhaus.org @X.X.X.55

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> 2.0.0.127.sbl-xbl.spamhaus.org @X.X.X.55
;; global options: +cmd
;; connection timed out; no servers could be reached


When the second forward is reachable again, the queries start responding
again.

w
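
The checks in the message above (query each configured forwarder directly, then query through Unbound and compare) can be scripted. This is an added example, not part of the original post or of Unbound; the function names, the sample config and the 192.0.2.55 placeholder address are assumptions.

```python
import re

# Constructed sample modelled on the stanza in the post; 192.0.2.55 is a placeholder.
SAMPLE_CONF = """\
forward-zone:
        name: "sbl-xbl.spamhaus.org"
        forward-addr: 127.0.0.1@3768
        forward-addr: 192.0.2.55
"""

def parse_forwarders(conf, zone):
    """Return [(ip, port)] configured for forward-zone `zone`; port defaults to 53."""
    stanzas, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if re.fullmatch(r"[a-z-]+:", line):            # clause header, e.g. "server:"
            current = {"name": "", "addrs": []} if line == "forward-zone:" else None
            if current is not None:
                stanzas.append(current)
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if current is None or not value:
            continue
        if key == "name":
            current["name"] = value.rstrip(".")
        elif key == "forward-addr":
            ip, _, port = value.partition("@")          # Unbound writes ports as ip@port
            current["addrs"].append((ip, int(port or 53)))
    return [a for s in stanzas if s["name"] == zone.rstrip(".") for a in s["addrs"]]

def dig_command(qname, ip, port):
    """argv for querying one forwarder directly, as done by hand in the post."""
    return ["dig", "-p", str(port), qname, "@" + ip]

def dig_result(output):
    """Classify a dig transcript: its rcode (e.g. 'SERVFAIL') or 'TIMEOUT'."""
    m = re.search(r"status: ([A-Z]+)", output)
    if m:
        return m.group(1)
    return "TIMEOUT" if "connection timed out" in output else "UNKNOWN"

def diagnose(via_resolver, per_forwarder):
    """True when the resolver returns SERVFAIL although some forwarder answers NOERROR."""
    return via_resolver == "SERVFAIL" and "NOERROR" in per_forwarder.values()
```

Feed `dig_result` the captured output of each `dig_command` run plus one query through the resolver; `diagnose` then flags the situation reported here, where one forwarder answers but the client still gets SERVFAIL.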