Maintained by: NLnet Labs

Unbound Srvfail cache

Mahdi Adnan
Thu Jul 6 08:05:11 CEST 2017


Hi folks,


We have a situation here with Unbound: during an internet outage for an hour or so, Unbound keeps replying with server servfail for valid domains even after it regains access to the internet. To fix this, I have to reload or restart Unbound.

This happens every time we lose internet for more than 30 minutes or so.

Any way to fix this?

Appreciate your time.


OS: CentOS 7.3

Unbound: Version 1.4.20


Config:


server:

access-control: 0.0.0.0/0 deny
access-control: x.x.x.x/x allow
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 16
interface: xx.xx.xx.xx
interface: xx.xx.xx.xx
interface: xx.xx.xx.xx
interface: xx.xx.xx.xx
interface: 127.0.0.1
interface-automatic: no
port: 53
outgoing-range: 8196
num-queries-per-thread: 1600
outgoing-num-tcp: 100
incoming-num-tcp: 100
so-rcvbuf: 8m
so-sndbuf: 8m
msg-cache-size: 2G
rrset-cache-size: 4G
msg-cache-slabs: 16
rrset-cache-slabs: 16
infra-cache-slabs: 16
infra-cache-numhosts: 10000000
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
chroot: ""
username: "unbound"
directory: "/etc/unbound"
logfile: "/var/log/unbound.log"
log-queries: no
use-syslog: yes
log-time-ascii: yes
pidfile: "/var/run/unbound/unbound.pid"
root-hints: "/etc/unbound/root.hints"
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: no
unwanted-reply-threshold: 100000
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-log-level: 1
key-cache-size: 1G
key-cache-slabs: 16
neg-cache-size: 1k
include: /etc/unbound/local.d/*.conf
# Remote control config section.
remote-control:
control-enable: yes
# control-interface: 127.0.0.1
# control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
# Stub and Forward zones
include: /etc/unbound/conf.d/*.conf



--

Respectfully
Mahdi A. Mahdi
