subject:"\[Unbound\-users\] Unbound and Round Robin DNS"

Re: [Unbound-users] Unbound and Round Robin DNS

2009-08-27 Thread W.C.A. Wijngaards

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/21/2009 07:53 PM, Aaron Hopkins wrote:
> On Fri, 21 Aug 2009, Paul Wouters wrote:
> 
>> Perhaps Wouter can explain that part, as I am sure some conscious design
>> decision has gone into that.
> 
> I'm guessing this is the same anti-feature-creep sentiment as why
> round-robinning RRs was left out of NSD.  This is unfortunate, because very
> few clients bother to use anything but the first IP returned by their
> resolver.

Yes.

Unbound tries very hard to preserve the original answer.
Its lower and uppercase use in names.
And also the ordering in the data and RRSIG records.
Also, it is faster and anti-feature-creep.

Best regards,
   Wouter
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqWny0ACgkQkDLqNwOhpPikYwCfdT78q4eRNwMG7PQbOn1BKxNv
T1YAn3jjkdt8zllFzhWrONi4KrvVwaLv
=Q6Kt
-END PGP SIGNATURE-
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Re: [Unbound-users] Unbound and Round Robin DNS

2009-08-26 Thread Gareth Hopkins

On Fri, Aug 21, 2009 at 7:53 PM, Aaron Hopkins  wrote:

On Fri, 21 Aug 2009, Paul Wouters wrote:
>
>  Perhaps Wouter can explain that part, as I am sure some conscious design
>> decision has gone into that.
>>
>
> I'm guessing this is the same anti-feature-creep sentiment as why
> round-robinning RRs was left out of NSD.  This is unfortunate, because very
> few clients bother to use anything but the first IP returned by their
> resolver.
>
>  But in 300 seconds, things will change. For me, the list got returned
>> the second time as:
>>
>
> This would not be true if cnn.com were served by NSD.  The ordering would
> by
> the same, every time, resulting in at least 3x the load reaching the first
> IP in the zone file.

Hi Aaron and Paul,

Thanks for the replies.

If I read this correctly, this seems to negate the whole point of using dns
round robin.

Depending on what my TTL is set to, all queries will be delivered to the
first host, whether
there are 3 or 30 hosts, and will continue to be delivered to that host
until the TTL expires
and the cache goes and fetches the records again.

Hopefully I am reading this incorrectly and it is possible to get unbound to
cycle through
its records.

Cheers,

Gareth
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Re: [Unbound-users] Unbound and Round Robin DNS

2009-08-21 Thread Aaron Hopkins


On Fri, 21 Aug 2009, Paul Wouters wrote:


Perhaps Wouter can explain that part, as I am sure some conscious design
decision has gone into that.


I'm guessing this is the same anti-feature-creep sentiment as why
round-robinning RRs was left out of NSD.  This is unfortunate, because very
few clients bother to use anything but the first IP returned by their
resolver.


But in 300 seconds, things will change. For me, the list got returned
the second time as:


This would not be true if cnn.com were served by NSD.  The ordering would by
the same, every time, resulting in at least 3x the load reaching the first
IP in the zone file.

-- Aaron
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Re: [Unbound-users] Unbound and Round Robin DNS

2009-08-21 Thread Paul Wouters


On Fri, 21 Aug 2009, Gareth Hopkins wrote:


I am in the process of testing unbound and have found the following with round 
robin dns entries.

Using www.cnn.com as an example, unbound gives me the same answer 
(157.166.255.19) everytime whereas bind
gives me the intended different answers. Example below.

Command used was while true; do date; nslookup www.cnn.com| head -n6 ; sleep 1; 
done


dig against unbound gives me :

;; ANSWER SECTION:
www.cnn.com.266 IN  A   157.166.224.26
www.cnn.com.266 IN  A   157.166.226.25
www.cnn.com.266 IN  A   157.166.226.26
www.cnn.com.266 IN  A   157.166.255.18
www.cnn.com.266 IN  A   157.166.255.19
www.cnn.com.266 IN  A   157.166.224.25

Seems like they use a TTL of 300. Asking unbound with nslookup gives all 6
records, but I guess unbound is not cycling them in any way, so you keep
getting the first record. Perhaps Wouter can explain that part, as I am
sure some conscious design decision has gone into that.

But in 300 seconds, things will change. For me, the list got returned
the second time as:

;; ANSWER SECTION:
www.cnn.com.300 IN  A   157.166.255.19
www.cnn.com.300 IN  A   157.166.224.25
www.cnn.com.300 IN  A   157.166.224.26
www.cnn.com.300 IN  A   157.166.226.25
www.cnn.com.300 IN  A   157.166.226.26
www.cnn.com.300 IN  A   157.166.255.18

So to my applications (eg ping) their address changed from 157.166.224.26
to 157.166.255.19.

Paul
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

[Unbound-users] Unbound and Round Robin DNS

2009-08-21 Thread Gareth Hopkins

Hi,

I am in the process of testing unbound and have found the following with
round robin dns entries.

Using www.cnn.com as an example, unbound gives me the same answer
(157.166.255.19) everytime whereas bind gives me the intended different
answers. Example below.

Command used was while true; do date; nslookup www.cnn.com| head -n6 ; sleep
1; done

Unbound
Version 1.3.3
linked libs: event 1.4.12-stable, ldns 1.6.0_20090714, OpenSSL 0.9.8e 23 Feb
2007
linked modules: validator iterator

Fri Aug 21 12:01:28 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:29 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:30 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:31 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:32 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:01:33 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19

Bind version
BIND 9.4.3-P3

Fri Aug 21 12:06:47 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.224.25
Fri Aug 21 12:06:48 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.19
Fri Aug 21 12:06:49 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.255.18
Fri Aug 21 12:06:50 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.226.26
Fri Aug 21 12:06:51 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.226.25
Fri Aug 21 12:06:52 SAST 2009
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.cnn.com
Address: 157.166.224.26

Is there something I need to set in unbound to get it to return the random
answers like bind does?

Thanks

Gareth
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Re: [Unbound-users] Unbound and Round Robin DNS

Re: [Unbound-users] Unbound and Round Robin DNS

Re: [Unbound-users] Unbound and Round Robin DNS

Re: [Unbound-users] Unbound and Round Robin DNS

[Unbound-users] Unbound and Round Robin DNS

5 matches

Site Navigation

Mail list logo

Footer information