Disable timeout feature?

Igor Sverkos igor.sverkos at gmail.com
Wed Feb 7 04:17:40 UTC 2024


Hi,

I am using unbound in my LAN.

I am also connected to a corporate network via VPN.

I am not using the DNS server from the remote site because I don't
want to route my entire DNS traffic through the corporate DNS. For
example, my local resources in my LAN like my printer or NAS would
become inaccessible via DNS because the corporate DNS doesn't know my
local zone.

To be still able to access the remote site via DNS, I configured a
stub zone for the remote site, i.e.

  forward-zone:
      name: "corp.local."
      forward-addr: 192.250.1.1

192.250.1.1 is only available via the VPN connection.

From time to time, the VPN connection goes down. Due to the MFA
requirement, I cannot automate the connection so it will take some
time until I notice, have access to my TOTP generator and can
re-establish the connection.

However, during that downtime, unbound will notice that 192.250.1.1 is
dead (probably because I am still doing DNS lookups against corp.local
zone) and will flag this server as down. If I am not mistaken, unbound
won't probe this server again for the next 15 minutes
(https://unbound.docs.nlnetlabs.nl/en/latest/reference/history/info-timeout-server-selection.html#blocking).

When I now have re-established the VPN connection and try to do a DNS
lookup in corp.local zone, it is still failing due to that. I often
find myself in the situation that I have no patience to wait that long
and just restart unbound as a workaround.

Is there a way to turn off that feature?


-- 
Regards,
Igor

