[Unbound-users] forwarders problem

Wouter Wijngaards wouter at nlnetlabs.nl
Fri Jul 11 06:27:28 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Will,

On 07/11/2014 01:07 AM, Will Yardley wrote:
> I'm setting up Unbound for a new group of mail systems. The systems
> have rbldnsd running on port 3768. I'm having trouble configuring
> the forwarders statements. Additionally, uncached queries (whether
> to the local rbldnsd or to external DNS servers) seem to take a bit
> of time.
> 
> This is the default unbound RPM for RHEL6: 1.4.21.1.el6
> 
> main pertinent performance related configs are: server: 
> num-threads: 16 outgoing-range: 8192 so-rcvbuf: 4m so-sndbuf: 4m 
> msg-cache-slabs: 16 num-queries-per-thread: 4096 rrset-cache-size:
> 100m rrset-cache-slabs: 16
> 
> (system has 2x 8 cores @ 2.60 GHz, 15k disks in RAID 10).
> 
> My config lists the forward address and alternate port as so (I've
> tried changing the indenting, putting double-quotes around the
> forward-addr statement, etc.).
> 
> # tail -4 /etc/unbound/unbound.conf forward-zone: name:
> "zen.spamhaus.org." forward-addr: 127.0.0.1 at 3768

You need to set do-not-query-localhost: no  so that unbound can send
queries to 127.0.0.1.

Best regards, Wouter


> Even though the forwarder seems to be listed (list_forwards doesn't
> seem to print the alternate port information even when it's
> configured and working: see below): # unbound-control list_forwards
>  zen.spamhaus.org. IN forward: 127.0.0.1
> 
> I get SERVFAIL when trying to do a lookup: # dig @localhost
> 2.0.0.127.zen.spamhaus.org
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost
> 2.0.0.127.zen.spamhaus.org ; (1 server found) ;; global options:
> +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status:
> SERVFAIL, id: 54375 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0,
> AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION: ;2.0.0.127.zen.spamhaus.org.	IN	A
> 
> ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN:
> Thu Jul 10 15:50:55 2014 ;; MSG SIZE  rcvd: 44
> 
> However, the alternate port can resolve it quite quickly: # time
> dig @localhost -p 3768 2.0.0.127.zen.spamhaus.org +short 127.0.0.2 
> 127.0.0.10 127.0.0.4
> 
> real	0m0.005s user	0m0.000s sys	0m0.003s
> 
> 
> However, if I add the forwarder using unbound-control, it then
> works, however, the query time is quite long:
> 
> # unbound-control forward_add zen.spamhaus.org 127.0.0.1 at 3768 ok
> 
> # unbound-control list_forwards zen.spamhaus.org. IN forward:
> 127.0.0.1
> 
> # dig @localhost 2.0.0.127.zen.spamhaus.org
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost
> 2.0.0.127.zen.spamhaus.org ; (1 server found) ;; global options:
> +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR,
> id: 9595 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0,
> ADDITIONAL: 0
> 
> ;; QUESTION SECTION: ;2.0.0.127.zen.spamhaus.org.	IN	A
> 
> ;; ANSWER SECTION: 2.0.0.127.zen.spamhaus.org. 300	IN	A	127.0.0.10 
> 2.0.0.127.zen.spamhaus.org. 300	IN	A	127.0.0.4 
> 2.0.0.127.zen.spamhaus.org. 300	IN	A	127.0.0.2
> 
> ;; Query time: 1029 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;;
> WHEN: Thu Jul 10 15:51:25 2014 ;; MSG SIZE  rcvd: 92
> 
> Any suggestions (and any performance tuning tips; I did try to
> follow http://unbound.net/documentation/howto_optimise.html) would
> be helpful. _______________________________________________ 
> Unbound-users mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTv4PPAAoJEJ9vHC1+BF+NZR4P/RoGudT2FVem+gP0iQbfNJjo
xHCcdlata78rlosPb2F4wgD5thXlGr2hHddKWjnCA1Jcik97BD6ZPQNfRDrtQU8D
vxEI+WxppH7OsBPnYvuk8kglo7vLAepcPgQKw8DBF5L0FLPqArgnn7QsuO7xMmz4
8lBaHaLbU+AIuHpcFzrUY9BdepwXsV36QpqfM45XY2kseAENapK+AVJeP0rDlGXf
aXE+LrVF+CYya+O5FX98Bgtwh284SnH8kuyPV3qHkErLTiQGQbFqx/dyiQ0VV5LH
Z2vbBMElJKxSqcoqWMghxHEzMLR9k6SvbW1ZRwv4vPpn6BQICDsnLgFr4inP7t2X
vCpm5HZGoeaDjBMeNb2TizzUtQNY/q2fjaMPN6tn/phOXLRCybBlniUpSX0li1gR
IQz8jKxMC/gH6aE1yjCzulWcv2zCTEjrBvnQC/s4Y/ihvWUQl44DUegXAlZY683B
VvDWu7hPa4netoJrwT6OHfiTiq0RKD/aLHsFlVsuMf9/N/2rZAdaf8LPs7CtSR+C
JN4JwmHN1aAu81/ZsCsI3jpCQ3+ZNpkb7gSmVzVkCOtQupE4M6acsG2NCIjO+uav
8MaUJGzGBqBwamheoLZJxuh2QQO0a1nA1m+uhU5HTZzUQIZE0J0h7+JlX4OYGMNJ
IP5FQeHaOT+K9MWdG4cZ
=LaRt
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list