Maintained by: NLnet Labs

"Blocking regime" behavior question

Dhalgren Tor
Wed Apr 13 00:37:59 CEST 2016


On Sun, Apr 10, 2016 at 5:34 AM, Aaron Hopkins <lists at die.net> wrote:
> According to https://www.unbound.net/documentation/info_timeout.html,
> unbound should already be returning SERVFAIL immediately if it believes all
> servers are dead. . .

Hello,

I posted a query a bit earlier regarding Unbound timeout behavior.

Still have one mystery remaining w/r/t the Tor Exit DNS DOS failure described.

At the time of this event, the 'dump_requestlist' output for one out
of two threads contained 350 entries for timing-out resolve requests
to GoDaddy, which was null-routing the exit-node at that time.  This
implies a total of about 700 timing-out resolve requests.  The
"Blocking" section in the above-referenced documentation seems to
indicate that Unbound should have marked the SOA server unreachable
and immediately returned SERVFAIL for these requests.  Shouldn't this
have limited the size of the request queue/list to something far less
than 700 entries?  Also have a synchronous 'dump_infra' from the same
incident.  For one of the GoDaddy name servers the infra list had
sixty entries similar to the ones listed below.  Version running at
the time was 1.54 built with libevent.

Am I misunderstanding the documented behavior?  Does Unbound both
respond with SERVFAIL _and_ continue trying to resolve each request?

Thank You


request sample (out of 348 total)

thread #0
#   type cl name    seconds    module status
117    A IN hvymca.cOM. 15.725693 iterator wait for 216.69.185.49
126    A IN ZUtOot.cOM. 299.954939 iterator wait for 216.69.185.49
155    A IN hYtorcZA.COm. 197.524971 iterator wait for 216.69.185.49
162    A IN GoLdNiQuE.cOm. 101.887861 iterator wait for 216.69.185.49


infra sample (out of 60 total)

216.69.185.49 ARtbooKscoffeE.coM. ttl 464 ping 0 var 94 rtt 376 rto
12032 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0
rec 0 A 0 other 0
216.69.185.49 HOLoGrAphicbroADcAStiNg.cOm. ttl 526 ping 0 var 94 rtt
376 rto 120000 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame
dnssec 0 rec 0 A 0 other 0
216.69.185.49 OnLInEleBANEsE.com. expired rto 120000
216.69.185.49 HuNGRyRIDgeKeNNeL.cOm. ttl 877 ping 0 var 94 rtt 376 rto
12032 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 10 lame dnssec 0
rec 0 A 0 other 0
216.69.185.49 huckpiE.COm. expired rto 120000
216.69.185.49 Webisfree.com. expired rto 120000
216.69.185.49 koBeJoRdanBrANd.Com. expired rto 120000
216.69.185.49 GroDno.neT. expired rto 120000
216.69.185.49 hYtorcZA.COm. ttl 670 ping 0 var 94 rtt 376 rto 96256 tA
3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 66 lame dnssec 0 rec 0 A 0
other 0
216.69.185.49 iBGEEKbOY.CoM. ttl 665 ping 0 var 94 rtt 376 rto 96256
tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 43 lame dnssec 0 rec 0
A 0 other 0
216.69.185.49 y-AnD-o-jeWelRy.cOM. expired rto 120000
216.69.185.49 ZUtOot.cOM. ttl 579 ping 0 var 94 rtt 376 rto 96256 tA 3
tAAAA 0 tother 0 ednsknown 0 edns 0 delay 73 lame dnssec 0 rec 0 A 0
other 0
216.69.185.49 expRessIONS-dental.COm. ttl 432 ping 0 var 94 rtt 376
rto 24064 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec
0 rec 0 A 0 other 0
216.69.185.49 freesite.work. expired rto 120000
216.69.185.49 veCodC.cOM. expired rto 120000
216.69.185.49 hogs4Dogs.CoM. ttl 54 ping 0 var 94 rtt 376 rto 120000
tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay