Hi Dmitriy,

What is happening is that the server has blacklisted the forwarder IP
address, because it does not answer any queries (it has to be unreachable
for about 2 minutes or more for that to happen).

This blacklist has a TTL of 15 minutes, by default. You can set it in the
config file.
	infra-host-ttl: 900    # default 900 seconds
You could set it to
	infra-host-ttl: 60
It would then come back up within a minute after the connection is
reestablished.

This config parameter also sets how long roundtrip times and EDNS-support
are cached. This cache is not cleared when you do a reload command.

So, although this all exactly explains what is happening to you, and there
is a config setting to work around the problem, I do not know how I can
help to fix it.

Best regards,
   Wouter

Dmitriy Demidov wrote:
> Hi Wouter.
>
> Looks like there is a problem with the forward-zone: mechanism. If I set up
> unbound for request forwarding to my ISP's DNS cache server, and during this
> time of operations my Internet connection fails for a couple of minutes (3-7
> min average), then unbound freezes in a strange condition and does not do any
> queuing at all until a hard restart (restarting using unbound-control does not
> help - only via rc.d script). At the same time, unbound continues to answer
> for names that remained in its cache, but if I do nslookup for something
> that is not cached, then it says SERVFAIL in the same moment - SERVFAIL
> without any timeout for queuing. And the bad news is that unbound stays in
> this "freeze condition" after the Internet connection has been reestablished...
>
> The Internet connection does not fail physically (ethernet no-carrier) but only
> logically (no response from GW or something like this).
>
> How to repeat:
>
> 1) start unbound in 'forward-zone name: "."' mode
> 2) prevent its communication with the forward-addr: DNS server
> 3) wait for ~5min and make during this time a lot of resolving queues
> 4) connect internet back - unbound will stay in "freeze"
>
> My system is FreeBSD 7.1-PRERELEASE, unbound is compiled from ports with
> threads and is linked with libevent-1.4.8.
>
> ==============
> My unbound.conf
>
>
> server:
>     verbosity: 5
>     statistics-interval: 120
>     num-threads: 1
>     interface: 0.0.0.0
>     outgoing-range: 512
>     msg-cache-size: 16m
>     msg-cache-slabs: 4
>     num-queries-per-thread: 1024
>     rrset-cache-size: 32m
>     rrset-cache-slabs: 4
>     cache-max-ttl: 86400
>     do-ip4: yes
>     do-ip6: no
>     do-udp: yes
>     do-tcp: yes
>     do-daemonize: yes
>     access-control: 0.0.0.0/0 refuse
>     access-control: 192.168.1.0/24 allow
>     access-control: 127.0.0.0/8 allow
>     chroot: "/usr/local/etc/unbound"
>     username: "unbound"
>     directory: "/usr/local/etc/unbound"
>     logfile: "/usr/local/etc/unbound/unbound.log"
>     use-syslog: no
>     pidfile: "/usr/local/etc/unbound/unbound.pid"
>     root-hints: "/usr/local/etc/unbound/named.cache"
>     harden-glue: yes
>     do-not-query-address: 127.0.0.1/8
>     module-config: "iterator"
> remote-control:
>     control-enable: yes
>     control-interface: 0.0.0.0
> forward-zone:
>     name: "."
>     forward-addr: 195.122.12.242
> ==========
>
>
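The blacklist timing described in the reply above, as a toy model. This is an added example, not part of the original message and not Unbound's code. The 120-second threshold and the expiry rule are assumptions taken from the e-mail's wording; `InfraEntry` and `recovery_delay` are hypothetical names.

```python
"""Toy model of the forwarder blacklist described in the reply above.

Assumptions (taken from the e-mail, not from Unbound's source): a forwarder
is blacklisted once it has been unanswered for DOWN_AFTER seconds, and the
entry is dropped infra-host-ttl seconds after it was created.
"""
DOWN_AFTER = 120  # "unreachable for about 2 minutes or more"


class InfraEntry:
    def __init__(self, host_ttl):
        self.host_ttl = host_ttl
        self.first_fail = None      # start of the current run of timeouts
        self.blacklisted_at = None  # when the forwarder was blacklisted

    def query(self, now, reachable):
        # Expire the blacklist entry once infra-host-ttl has passed.
        if self.blacklisted_at is not None and now - self.blacklisted_at >= self.host_ttl:
            self.first_fail = self.blacklisted_at = None
        if self.blacklisted_at is not None:
            return "SERVFAIL"            # immediate: no packet is sent
        if reachable:
            self.first_fail = None
            return "ANSWER"
        if self.first_fail is None:
            self.first_fail = now
        if now - self.first_fail >= DOWN_AFTER:
            self.blacklisted_at = now
        return "SERVFAIL"                # after the query timed out


def recovery_delay(host_ttl, outage_end, step=10, horizon=3600):
    """Seconds between the link coming back and the first answered query.

    The forwarder is unreachable for 0 <= t < outage_end; a cache-miss
    query arrives every `step` seconds.
    """
    entry = InfraEntry(host_ttl)
    for now in range(0, horizon, step):
        if entry.query(now, reachable=now >= outage_end) == "ANSWER":
            return now - outage_end
    return None


if __name__ == "__main__":
    for ttl in (900, 60):            # default vs. the suggested setting
        print(ttl, recovery_delay(ttl, outage_end=305))
```

With a constructed outage of 305 seconds, the model keeps returning immediate SERVFAIL for 715 seconds after the link returns at the default of 900, and for 55 seconds at 60.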
