Hi Eliezer, I am not sure what you mean by empty A records. Unbound will already return a SERVFAIL answer if it is not able to contact upstream, which seems to be your desired behavior.
-- Ralph On 20-01-19 20:19, Eliezer Croitoru via Unbound-users wrote: > Hey, > > I have couple DNS servers In my network and I do not know how to handle this > specific issue. > The client server uses Dnsmasq as a DNS proxy and the upstream servers are > two unbound servers. > Last week for some reason the network traffic of one of the unbound > recursive servers was severed to the outer world. > 1 - ...53 > 2 - ...153 > > Dnsmasq - ...51 > > In turn dnsmasq ran a query against the second unbound service ...153 and > for some reason it returned an empty A record for every request. >>From dnsmasq point of view it's a valid response and there for do not run > another query against server 2 ...53 . > I would prefer that a SERVFAIL or another way Dnsmasq will be notified that > this specific unbound instance cannot answer the query. > If dnsmasq will know that fact it will retry against the next server. > > Any recommendations are more than welcome. > > Thanks, > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: [email protected] > >
