[Unbound-users] Query over 'forward-addr' / 'forward-first'
wouter at nlnetlabs.nl
Wed Jul 18 13:01:46 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 07/14/2012 12:17 AM, Karl Pielorz wrote:
> Hi All,
> I've just started looking at Unbound, under FreeBSD 9, currently
> running unbound 1.4.17.
> I have three 'local' nameservers on our LAN, and I've been using:
> " forward-zone: name: "." forward-addr: 184.108.40.206 forward-addr:
> 220.127.116.11 forward-addr: 18.104.22.168 forward-first: yes "
> [obviously 'example' IP's!]
> This seems to work fine - i.e. under normal circumstances, queries
> are answered fine. If I deliberately "fail" 22.214.171.124 - queries are
> still answered, ditto if I fail 126.96.36.199 as well - they are all sent
> to 188.8.131.52 to be resolved, and the system can still resolve names.
> In 1.4.17 how are forwarders selected? - From syslog/verbose
> logging - it appears it latches onto one, and stays with it (maybe
> the fastest responder?)
Unbound randomly picks one from the available list. It uses RTT
banding (slow ones are not used, e.g. if it times out).
> Is there any way of seeing (e.g. from 'unbound-control
> dump_infra') which forwarders it considers 'available' or 'not
> available' / down?
Yes, dump_infra would do so, the IP addresses are listed, right?
Or, unbound-control lookup .
> Also, can someone clarify what 'forward-first' actually means? - In
> the man page it says:
> "If enabled, a query is attempted without the forward clause if
> it fails. The default is no."
> With this set to 'yes' - if I fail all the forwarders, nothing
> gets resolved (I was kind of expecting it to retry the query - with
> the roots? - i.e. no forwarders?) - or does this not apply if
> you're trying to forward "."?
It resolves the query with the roots. But this may need a timeout of
several seconds before it does so.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Unbound-users