Jostle logic seems to randomly stop working

Tuomo Soini tis at foobar.fi
Wed May 23 19:38:50 UTC 2018


On Wed, 23 May 2018 08:11:09 +0200
"W.C.A. Wijngaards via Unbound-users" <unbound-users at unbound.net> wrote:

> Hi Dmitry,
> 
> On 19/05/18 03:59, Dmitri Kourennyi via Unbound-users wrote:
> > More investigation results:
> > 
> > I think the issue appears when unbound is trying to probe the master
> > servers for
> > the auth_zone section. The logs show unbound doing lookups on all
> > the auth_zone
> > domain names in my config, and I think unbound is answering them
> > from its own
> > cache. After the lookups, I get the following in the logs:  
> 
> Can you show the work that it does for looking up one of the root
> servers?  Not getting an address must be causing it to not have
> content. But it does work (eventually), you say, once the long list
> appears, that means the AXFR has completed.  Meanwhile you should
> have normal service, because the zone is loaded (the file that is
> configured has content, right?)?  When a normal query arrives, it
> should just be answered with the auth-zone?
> 
> The bug that was fixed in 1.7.1 (causes problem now?), supposedly
> fixes behaviour with respect to the forward-zones configured.  Is
> that still not right somehow?  Note that having a forward zone for
> "." and also an auth-zone 7706 for the root, in 1.7.1 answers only
> queries for the root itself from the root (only domain ".") and other
> queries from the forward-zone.  Where in 1.7.0 it would pick the
> auth-zone referral and go make authoritative queries (and that was a
> bug and fixed).  So, if 1.7.1 does not work, perhaps authoritative
> queries work, but the forward-zone does not work so well.  And if you
> remove that, then unbound starts making authoritative queries again.
> 
> That the root zone is downloaded every half hour is normal, that is
> exactly the AXFR of the root zone that the auth-zone is supposed to
> do. So that seems to be working fine and is keeping the root zone up
> to date.

I did hit this same issue with 1.7.1rc1 with just root zone and without
any forward zone. In my small installation unbound stopped answering
queries after a day or two. And fix for the issue is removing auth-zone
7706. And this worked on 1.7.0.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180523/be41eac0/attachment.bin>


More information about the Unbound-users mailing list