Fredrik Pettai via dnsdist wrote: > Hi, > > We have dnsdist running on the same machine as the backend DNS server it > talks to (over the loopback interface). > > The dnsdist workers get timeouts from time to time which is a bit odd given > the backend is on the same server and uses the default check of > a.root-servers.net (which should be locally cached in unbound). > (Running a query locally for a.root-servers.net every second never fails, > I’ve also tested with other names, cached or uncached, and the pattern of > timeouts doesn’t change much)
Hi, What version of Unbound are you using? Unbound 1.20.0 introduced a "wait-limit" feature which limits the number of outstanding queries that a client can have waiting for recursion. Most of the time a.root-servers.net will be in cache and not subject to the wait limit, but it will presumably need to be refreshed from time to time, maybe more often than the TTL interval if it is evicted due to cache pressure or if cache-max-ttl is lowered? Unbound 1.23.0 introduced a standalone metric [0] that counts when the wait-limit feature causes a dropped query, but that same version also exempts loopback IP addresses from the wait-limit by default [1]. So, if you are using Unbound versions 1.20.0 through 1.22.0 you may want to consider upgrading to 1.23.0 or setting "wait-limit: 0" in the configuration. [0]: https://github.com/NLnetLabs/unbound/pull/1159 [1]: https://github.com/NLnetLabs/unbound/issues/1263 -- Robert Edmonds _______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
