Hi, Can you clarify a little more please? In the packet capture, did unbound receive public answers incorrectly from the upstream resolver or did unbound make a recursive query?
Just trying to be 100% sure where the problem is. Gavin On Wed, Oct 31, 2018, 7:43 AM Andrew Meyer via Unbound-users < [email protected] wrote: > I don't have forward-first enabled on any of the forwarded domains. We > have done a tcpdump and unbound is reaching the forwarded DNS server each > time but its not getting the correct information when establishing the web > connection. > > > On Wednesday, October 31, 2018 9:29 AM, Ralph Dolmans via Unbound-users < > [email protected]> wrote: > > > Hi Andrew, > > Not sure I understand your question/problem. Is Unbound sometimes > skipping the forwarder and resolving as if there is no forwarder > configured? Do you have forward-first enabled? In that case Unbound will > ignore the configured forwarder when they become unreachable. Maybe that > happened? > > -- Ralph > > On 30-10-18 14:52, Andrew Meyer via Unbound-users wrote: > > I have recently setup unbound on CentOS 7 (latest) running version > > 1.6.6. So far unbound has been chugging away for about a month. In my > > configuration I have an on premise server configured with lots of > > internal forwarded domains going to Amazon Route53. As of yesterday > > unbound started to flip/flop resolution from the internal/private zones > > to the external zones. I'm not sure why. I have turned up the logging > > verbosity to see if there was an apparent issue. I though at one point > > we hit a wall with number of packets per request. My colleague and I > > thought we hit a resource records maximum limit. We have opened a > > ticket with Amazon to get more information on their side. > > > > In my config file: > > num-threads: 4 > > so-rcvbuf: 4m > > so-sndbuf: 4m > > cache-max-negative-ttl: 10 > > do-ip4: yes > > do-ip6: yes > > do-udp: yes > > do-tcp: yes > > > > > > Everything in my zones config file is a forward-zone and not a > > stub-zone, not sure if that matters. > > > > Any help is greatly appreciated. > > > > Regards, > > Andrew > > >
