Re: [Unbound-users] Unbound and Round Robin DNS
On 08/21/2009 07:53 PM, Aaron Hopkins wrote:
> On Fri, 21 Aug 2009, Paul Wouters wrote:
>
>> Perhaps Wouter can explain that part, as I am sure some conscious design
>> decision has gone into that.
>
> I'm guessing this is the same anti-feature-creep sentiment as why
> round-robinning RRs was left out of NSD. This is unfortunate, because very
> few clients bother to use anything but the first IP returned by their
> resolver.

Yes. Unbound tries very hard to preserve the original answer. Its lower and uppercase use in names. And also the ordering in the data and RRSIG records. Also, it is faster and anti-feature-creep.

Best regards,
Wouter

___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Re: [Unbound-users] Unbound and Round Robin DNS
On Fri, Aug 21, 2009 at 7:53 PM, Aaron Hopkins wrote:

> On Fri, 21 Aug 2009, Paul Wouters wrote:
>
>> Perhaps Wouter can explain that part, as I am sure some conscious design
>> decision has gone into that.
>
> I'm guessing this is the same anti-feature-creep sentiment as why
> round-robinning RRs was left out of NSD. This is unfortunate, because very
> few clients bother to use anything but the first IP returned by their
> resolver.
>
>> But in 300 seconds, things will change. For me, the list got returned
>> the second time as:
>
> This would not be true if cnn.com were served by NSD. The ordering would be
> the same, every time, resulting in at least 3x the load reaching the first
> IP in the zone file.

Hi Aaron and Paul,

Thanks for the replies. If I read this correctly, this seems to negate the whole point of using dns round robin. Depending on what my TTL is set to, all queries will be delivered to the first host, whether there are 3 or 30 hosts, and will continue to be delivered to that host until the TTL expires and the cache goes and fetches the records again.

Hopefully I am reading this incorrectly and it is possible to get unbound to cycle through its records.

Cheers,
Gareth

Re: [Unbound-users] Unbound and Round Robin DNS
On Fri, 21 Aug 2009, Paul Wouters wrote:

> Perhaps Wouter can explain that part, as I am sure some conscious design
> decision has gone into that.

I'm guessing this is the same anti-feature-creep sentiment as why round-robinning RRs was left out of NSD. This is unfortunate, because very few clients bother to use anything but the first IP returned by their resolver.

> But in 300 seconds, things will change. For me, the list got returned
> the second time as:

This would not be true if cnn.com were served by NSD. The ordering would be the same, every time, resulting in at least 3x the load reaching the first IP in the zone file.

-- Aaron

Re: [Unbound-users] Unbound and Round Robin DNS
On Fri, 21 Aug 2009, Gareth Hopkins wrote:

> I am in the process of testing unbound and have found the following with
> round robin dns entries. Using www.cnn.com as an example, unbound gives me
> the same answer (157.166.255.19) every time whereas bind gives me the
> intended different answers. Example below. Command used was
>
> while true; do date; nslookup www.cnn.com| head -n6 ; sleep 1; done

dig against unbound gives me:

;; ANSWER SECTION:
www.cnn.com. 266 IN A 157.166.224.26
www.cnn.com. 266 IN A 157.166.226.25
www.cnn.com. 266 IN A 157.166.226.26
www.cnn.com. 266 IN A 157.166.255.18
www.cnn.com. 266 IN A 157.166.255.19
www.cnn.com. 266 IN A 157.166.224.25

Seems like they use a TTL of 300. Asking unbound with nslookup gives all 6 records, but I guess unbound is not cycling them in any way, so you keep getting the first record. Perhaps Wouter can explain that part, as I am sure some conscious design decision has gone into that.

But in 300 seconds, things will change. For me, the list got returned the second time as:

;; ANSWER SECTION:
www.cnn.com. 300 IN A 157.166.255.19
www.cnn.com. 300 IN A 157.166.224.25
www.cnn.com. 300 IN A 157.166.224.26
www.cnn.com. 300 IN A 157.166.226.25
www.cnn.com. 300 IN A 157.166.226.26
www.cnn.com. 300 IN A 157.166.255.18

So to my applications (e.g. ping) their address changed from 157.166.224.26 to 157.166.255.19.

Paul

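An added example, not part of the original thread: it parses the two ANSWER SECTIONs quoted in the message above, checks that the second cached ordering is a cyclic rotation of the first, and tallies which address a first-record-only client lands on during one 300-second TTL when the cache preserves order versus when it shifts the RRset per response. The function names and the one-step-per-response rotation model are assumptions made for illustration, not the behaviour of any particular resolver.

```python
from collections import Counter

# The two orderings quoted in the message above, in dig ANSWER SECTION layout.
FIRST_FETCH = """\
www.cnn.com. 266 IN A 157.166.224.26
www.cnn.com. 266 IN A 157.166.226.25
www.cnn.com. 266 IN A 157.166.226.26
www.cnn.com. 266 IN A 157.166.255.18
www.cnn.com. 266 IN A 157.166.255.19
www.cnn.com. 266 IN A 157.166.224.25
"""
SECOND_FETCH = """\
www.cnn.com. 300 IN A 157.166.255.19
www.cnn.com. 300 IN A 157.166.224.25
www.cnn.com. 300 IN A 157.166.224.26
www.cnn.com. 300 IN A 157.166.226.25
www.cnn.com. 300 IN A 157.166.226.26
www.cnn.com. 300 IN A 157.166.255.18
"""

def parse_answers(text):
    """Return the A-record addresses of an ANSWER SECTION in the order received."""
    rows = (line.split() for line in text.splitlines())
    return [f[4] for f in rows if len(f) == 5 and f[2:4] == ["IN", "A"]]

def is_rotation(a, b):
    """True if b is a cyclic rotation of a: the same RRset with a shifted start."""
    return len(a) == len(b) and any(a[i:] + a[:i] == b for i in range(max(len(a), 1)))

def first_address_load(rrset, queries, rotate):
    """Count which address a client that only uses the first record ends up on.

    rotate=False: the cache replays the stored order for the whole TTL.
    rotate=True: the cache shifts the start by one per response (assumed,
    simplified model of a resolver that cycles RRsets).
    """
    load = Counter()
    for n in range(queries):
        load[rrset[n % len(rrset) if rotate else 0]] += 1
    return load

if __name__ == "__main__":
    first, second = parse_answers(FIRST_FETCH), parse_answers(SECOND_FETCH)
    print("second fetch is a rotation of the first:", is_rotation(first, second))
    # One lookup per second for a 300 s TTL, as in the nslookup loop in this thread.
    print("order preserved:", dict(first_address_load(first, 300, rotate=False)))
    print("rotated per response:", dict(first_address_load(first, 300, rotate=True)))
```
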
[Unbound-users] Unbound and Round Robin DNS
Hi,

I am in the process of testing unbound and have found the following with round robin dns entries. Using www.cnn.com as an example, unbound gives me the same answer (157.166.255.19) every time whereas bind gives me the intended different answers. Example below. Command used was

while true; do date; nslookup www.cnn.com| head -n6 ; sleep 1; done

Unbound Version 1.3.3
linked libs: event 1.4.12-stable, ldns 1.6.0_20090714, OpenSSL 0.9.8e 23 Feb 2007
linked modules: validator iterator

Fri Aug 21 12:01:28 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:29 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:30 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:31 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:32 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:33 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19

Bind version BIND 9.4.3-P3

Fri Aug 21 12:06:47 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.224.25
Fri Aug 21 12:06:48 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:06:49 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.255.18
Fri Aug 21 12:06:50 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.226.26
Fri Aug 21 12:06:51 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.226.25
Fri Aug 21 12:06:52 SAST 2009
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.224.26

Is there something I need to set in unbound to get it to return the random answers like bind does?

Thanks
Gareth