Maintained by: NLnet Labs

Unbound Srvfail cache

Mahdi Adnan
Thu Jul 6 09:51:32 CEST 2017


Including unbound users.


--

Respectfully
Mahdi A. Mahdi



________________________________
From: Mahdi Adnan <mahdi.adnan at outlook.com>
Sent: Thursday, July 6, 2017 10:49 AM
To: W.C.A. Wijngaards
Subject: Re: Unbound Srvfail cache


Hi Wouter,


The issue does scale for more than 15 minutes, and it will keep on this behavior unless I restart the service or flush the cache.

Version 1.4.20 is the latest from Red Hat.

I configured infra-host-ttl to 120 seconds, will see if this helps.



Thank you very much.

--

Respectfully
Mahdi A. Mahdi

________________________________
From: Unbound-users <unbound-users-bounces at unbound.net> on behalf of W.C.A. Wijngaards via Unbound-users <unbound-users at unbound.net>
Sent: Thursday, July 6, 2017 10:23:06 AM
To: unbound-users at unbound.net
Subject: Re: Unbound Srvfail cache

Hi Mahdi,

Unbound only probes every 15 minutes (infra-ttl) to see if servers are
back up.  You could lower infra-ttl in your config.

Also, you could update, 1.4.20 is from 2012.  Perhaps the newer version
does not have this issue in this manner.

You can also flush the infra cache, with unbound-control flush_infra
all, that way you don't lose the DNS cache.

Best regards, Wouter

On 06/07/17 08:05, Mahdi Adnan via Unbound-users wrote:
> Hi folks,
>
>
> We have a situation here with Unbound: during an internet outage for an
> hour or so, Unbound keeps replying with server servfail for valid
> domains even after it gains access to the internet. To fix this, I have to
> reload or restart Unbound.
>
> This happens every time we lose internet for more than 30 minutes or so.
>
> Any way to fix this?
>
> Appreciate your time.
>
>
> OS: CentOS 7.3
>
> Unbound: Version 1.4.20
>
>
> Config:
>
>
> server:
>
> access-control: 0.0.0.0/0 deny
> access-control: x.x.x.x/x allow
> verbosity: 1
> statistics-interval: 0
> statistics-cumulative: no
> extended-statistics: yes
> num-threads: 16
> interface: xx.xx.xx.xx
> interface: xx.xx.xx.xx
> interface: xx.xx.xx.xx
> interface: xx.xx.xx.xx
> interface: 127.0.0.1
> interface-automatic: no
> port: 53
> outgoing-range: 8196
> num-queries-per-thread: 1600
> outgoing-num-tcp: 100
> incoming-num-tcp: 100
> so-rcvbuf: 8m
> so-sndbuf: 8m
> msg-cache-size: 2G
> rrset-cache-size: 4G
> msg-cache-slabs: 16
> rrset-cache-slabs: 16
> infra-cache-slabs: 16
> infra-cache-numhosts: 10000000
> do-ip4: yes
> do-ip6: yes
> do-udp: yes
> do-tcp: yes
> do-daemonize: yes
> chroot: ""
> username: "unbound"
> directory: "/etc/unbound"
> logfile: "/var/log/unbound.log"
> log-queries: no
> use-syslog: yes
> log-time-ascii: yes
> pidfile: "/var/run/unbound/unbound.pid"
> root-hints: "/etc/unbound/root.hints"
> hide-identity: yes
> hide-version: yes
> harden-glue: yes
> harden-dnssec-stripped: yes
> harden-below-nxdomain: yes
> harden-referral-path: yes
> use-caps-for-id: no
> unwanted-reply-threshold: 100000
> prefetch: yes
> prefetch-key: yes
> rrset-roundrobin: yes
> minimal-responses: yes
> trusted-keys-file: /etc/unbound/keys.d/*.key
> auto-trust-anchor-file: "/var/lib/unbound/root.key"
> val-log-level: 1
> key-cache-size: 1G
> key-cache-slabs: 16
> neg-cache-size: 1k
> include: /etc/unbound/local.d/*.conf
> # Remote control config section.
> remote-control:
> control-enable: yes
> # control-interface: 127.0.0.1
> # control-port: 953
> server-key-file: "/etc/unbound/unbound_server.key"
> server-cert-file: "/etc/unbound/unbound_server.pem"
> control-key-file: "/etc/unbound/unbound_control.key"
> control-cert-file: "/etc/unbound/unbound_control.pem"
> # Stub and Forward zones
> include: /etc/unbound/conf.d/*.conf
>
>
>
> --
>
> Respectfully
> Mahdi A. Mahdi
>
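
Added example, not part of the original thread or of Unbound itself: a small check, meant to be run from cron, that runs the `unbound-control flush_infra all` command mentioned above exactly once when upstream connectivity returns after an outage, so the DNS cache is kept and no restart is needed. The probe address, the state file path and the use of `ping -W` (Linux iputils) are assumptions.

```shell
#!/bin/sh
# Flush Unbound's infra cache on the down -> up transition of upstream
# connectivity. Everything except the flush_infra command is an assumption.

# Constructed placeholder (TEST-NET-1); replace with a host you expect to reach.
PROBE_ADDR="${PROBE_ADDR:-192.0.2.53}"
# Hypothetical path holding the result of the previous run ("up" or "down").
STATE_FILE="${STATE_FILE:-/var/run/unbound/upstream.state}"

# Returns 0 when the upstream probe succeeds.
probe_upstream() {
    ping -c 1 -W 2 "$PROBE_ADDR" >/dev/null 2>&1
}

# Drops only the per-server reachability data; cached DNS answers are kept.
flush_infra() {
    unbound-control flush_infra all >/dev/null
}

# Prints "up", "down", "flushed" or "flush-failed".
check_once() {
    # With no state recorded yet, assume "up" so the first run never flushes.
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo up)
    if probe_upstream; then now=up; else now=down; fi

    if [ "$prev" = down ] && [ "$now" = up ]; then
        # Leave the state at "down" if the flush fails, so the next run retries.
        flush_infra || { echo flush-failed; return 1; }
        echo "$now" > "$STATE_FILE"
        echo flushed
        return 0
    fi

    echo "$now" > "$STATE_FILE"
    echo "$now"
}

# Invoke as "script run", for example once a minute from cron.
if [ "${1:-}" = "run" ]; then
    check_once
fi
```
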

