Hi, > On 7 May 2025, at 21:56, Robert Edmonds <edmo...@mycre.ws> wrote: > > Fredrik Pettai via dnsdist wrote: >> Hi, >> >> We have dnsdist running on the same machine as the backend DNS server it >> talks to (over the loopback interface). >> >> The dnsdist workers get timeouts from time to time which is a bit odd given >> the backend is on the same server and uses the default check of >> a.root-servers.net (which should be locally cached in unbound). >> (Running a query locally for a.root-servers.net every second never fails, >> I’ve also tested with other names, cached or uncached, and the pattern of >> timeouts doesn’t change much) > > Hi, > > What version of Unbound are you using?
We’re on 1.22 > Unbound 1.20.0 introduced a "wait-limit" feature which limits the number > of outstanding queries that a client can have waiting for recursion. > Most of the time a.root-servers.net will be in cache and not subject to > the wait limit, but it will presumably need to be refreshed from time > to time, maybe more often than the TTL interval if it is evicted due to > cache pressure or if cache-max-ttl is lowered? > > Unbound 1.23.0 introduced a standalone metric [0] that counts when the > wait-limit feature causes a dropped query, but that same version also > exempts loopback IP addresses from the wait-limit by default [1]. > > So, if you are using Unbound versions 1.20.0 through 1.22.0 you may > want to consider upgrading to 1.23.0 or setting "wait-limit: 0" in the > configuration. Thanks for the insights! I’ll try out setting "wait-limit: 0” first then and see if the makes the situation better. > [0]: https://github.com/NLnetLabs/unbound/pull/1159 > > [1]: https://github.com/NLnetLabs/unbound/issues/1263 > > -- > Robert Edmonds Re, /P
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
