[Unbound-users] forward zone order

W.C.A. Wijngaards wouter at nlnetlabs.nl
Wed Jan 14 07:54:52 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Will,

On 01/14/2015 02:10 AM, Will Yardley wrote:
> On Tue, Jan 06, 2015 at 09:50:32PM -0800, Will Yardley wrote:
> 
>> I had expected that the behavior would be to prefer the first in
>> the list, however, from a couple things I noticed today, I'm not
>> so sure.
>> 
>> My config is as follows:
>> 
>> forward-zone: name: "zen.spamhaus.org" forward-addr:
>> 127.0.0.1 at 3768 forward-addr: xx.xx.xx.xx
> 
> I verified that a significant amount of traffic is being sent to
> the second forwarder. Short of using external software or setting
> up an internal load-balanced VIP, is there any way with unbound to
> prefer a specific forwarder (in this case, the local one), except
> as a failover?
> 
> For DNSBL lookups, would I be better off using stub zones instead
> of forwarders (the dnsbl servers are authoritative), and would the
> behavior be any different then?

Yes a stub is better if they are authoritative, likely saves
processing for unbound.  The behaviour is the same, it randomly
chooses, based on the ping-times of the servers.  There is the
forward-first: option, but I am unsure if it does what you want
(disable the stub clause temporarily if the local ip address fails for
a minute or so).

Best regards,
   Wouter


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUtiDMAAoJEJ9vHC1+BF+NZLUP/jJhBtILMVI6WDjW6MKKs6EX
3DApsUNZia5ErNexryaBLpIuk6vXCvmI7I12PjmZiqdNiOcZes5cB4mwos3IuxWi
J/pWYb5CqqOZTsLyUsHhRbKoCmSQmh45EQopxLmyvdCgum7MYY7UV+jjg0XOkojP
Yp8KQO5CBBDqN0PYn7SdOwn/35cphU4mWNIuCEKxBNL2QCAF7853EpZA6Y2+dnhX
rdsyFe3b4aOeRJl9LQVteFbc6bJmZqbHRnTRi7bkg9iR1DjbkxA1t8WNdBCU+094
C15191U4sqvfqu//9JKGT97xJZ7rEBlSRtUELQzZidblW6bf9n2p+8p6nqOO77/7
KUnNzYFAPGHoO9nYjlCXe2wzJ9OWJcy5vLf2deMqXJM1qL0/ZIk31gODVnBQosXo
w52yPTkctmi0KC/8LvsKevRjvWjBDSA/78QVPs7vh2PlwMMFcOiMIm6GBbmN6ZG9
Sv8wUhq+DjWbDhAHxniE7R9f5oZ0Bzrbjbmd96YLzgvaTP/ga6i5UpkJ74C5DuKE
VKj4cyBXutG2+P1ikjTc+rAR6I31q3ApzzK7dbjxq8J0Gm2/yv0QmLUYbZN/w8Lw
lCtPwKeejVVub+rdcjz0KB7c0c73yLEHGcZrr4fBG8c/uDQTcPqqJPXh56oKnMMG
khrnX/Q7nRy1pNH9gZSe
=7GNv
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list