Hi,

> On 7 May 2025, at 21:56, Robert Edmonds <edmo...@mycre.ws> wrote:
> 
> Fredrik Pettai via dnsdist wrote:
>> Hi,
>> 
>> We have dnsdist running on the same machine as the backend DNS server it 
>> talks to (over the loopback interface).
>> 
>> The dnsdist workers get timeouts from time to time which is a bit odd given 
>> the backend is on the same server and uses the default check of 
>> a.root-servers.net (which should be locally cached in unbound).
>> (Running a query locally for a.root-servers.net every second never fails, 
>> I’ve also tested with other names, cached or uncached, and the pattern of 
>> timeouts doesn’t change much)
> 
> Hi,
> 
> What version of Unbound are you using?

We’re on 1.22

> Unbound 1.20.0 introduced a "wait-limit" feature which limits the number
> of outstanding queries that a client can have waiting for recursion.
> Most of the time a.root-servers.net will be in cache and not subject to
> the wait limit, but it will presumably need to be refreshed from time
> to time, maybe more often than the TTL interval if it is evicted due to
> cache pressure or if cache-max-ttl is lowered?
> 
> Unbound 1.23.0 introduced a standalone metric [0] that counts when the
> wait-limit feature causes a dropped query, but that same version also
> exempts loopback IP addresses from the wait-limit by default [1].
> 
> So, if you are using Unbound versions 1.20.0 through 1.22.0 you may
> want to consider upgrading to 1.23.0 or setting "wait-limit: 0" in the
> configuration.

Thanks for the insights!
 I’ll try out setting "wait-limit: 0” first then and see if the makes the 
situation better.

> [0]: https://github.com/NLnetLabs/unbound/pull/1159
> 
> [1]: https://github.com/NLnetLabs/unbound/issues/1263
> 
> --
> Robert Edmonds

Re,
/P

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Reply via email to