Hello:
I am working on replacing libcares with unbound for my client on an OpenWrt platform. I am using async mode ( ub_resolve_async() ) for DNS queries, and unbound is used as a forwarding server and not an authoritative one. serve-expired is left at its default, which is 'no'.

The issue I am facing is that the application that uses unbound maintains its own cache and, on expiry of the ttl, re-queries unbound, which immediately returns an answer with ttl=0 and then sends a fresh query out. This is not desirable for our application. If the application re-queries after ttl+1 seconds, then unbound returns the answer from the fresh query instead of serving the expired one with ttl=0.

1. Why does unbound return the expired record with ttl=0 when serve-expired is left at its default, which is 'no'?
2. Why does unbound always send out the new query only 1 sec after ttl expiry instead of immediately sending the new query?

Very First Query
Application ---> Query -----------------> Unbound
Unbound ---> Query ---> Authoritative DNS Server
Unbound <--- Answer (ttl = t) <--- Authoritative DNS Server
Application <--- Answer (ttl = t) <---------- Unbound

After ttl t secs expiry, Second Query
Application ---> Query -----------------> Unbound
Application <--- Answer (ttl = 0) <--------- Unbound   (NOT DESIRABLE)
Unbound 1 sec wait   (NOT DESIRABLE)
Unbound ---> Query ---> Authoritative DNS Server
Unbound <--- Answer (ttl = t) <--- Authoritative DNS Server

This process of getting back ttl=0 repeats for all subsequent re-queries on ttl expiry, and the Application gets the original ttl only from the answer to the very first query.

As can be seen from the attached wireshark capture, the lowest ttl=5 and my application re-queries every 5 seconds, but unbound sends the query out only after 6 seconds, as can be seen in wireshark.

Attached unbound.conf. Any help will be appreciated.

Thanks
Sankar Raman
#
server:
    # By default Unbound does not allow Private IPs to be reverse Queried (AS112 Zones)
    # Allow them for TLS Mutual Authentication Reverse Queries
    # IPv4 Private Addresses
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "16.172.in-addr.arpa." nodefault
    local-zone: "17.172.in-addr.arpa." nodefault
    local-zone: "18.172.in-addr.arpa." nodefault
    local-zone: "19.172.in-addr.arpa." nodefault
    local-zone: "20.172.in-addr.arpa." nodefault
    local-zone: "21.172.in-addr.arpa." nodefault
    local-zone: "22.172.in-addr.arpa." nodefault
    local-zone: "23.172.in-addr.arpa." nodefault
    local-zone: "24.172.in-addr.arpa." nodefault
    local-zone: "25.172.in-addr.arpa." nodefault
    local-zone: "26.172.in-addr.arpa." nodefault
    local-zone: "27.172.in-addr.arpa." nodefault
    local-zone: "28.172.in-addr.arpa." nodefault
    local-zone: "29.172.in-addr.arpa." nodefault
    local-zone: "30.172.in-addr.arpa." nodefault
    local-zone: "31.172.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
    # IPv6 Local Addresses
    local-zone: "d.f.ip6.arpa." nodefault
    local-zone: "8.e.f.ip6.arpa." nodefault
    local-zone: "9.e.f.ip6.arpa." nodefault
    local-zone: "a.e.f.ip6.arpa." nodefault
    local-zone: "b.e.f.ip6.arpa." nodefault
    # IPv6 Example Prefix
    local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
    cache-max-negative-ttl: 5
    prefetch: yes
    serve-original-ttl: yes
    ############ END OF LOCAL-ZONE CONFIG ############
############ END OF SERVER CONFIG ############
forward-zone:
    # Primary & Secondary DNS Servers
    name: "."
    forward-addr: 192.168.50.12
unbound-wireshark.pcapng
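The following stand-alone probe is an added example, not code from the original post or from Unbound. It reproduces from the application side the measurement the author made with Wireshark: it re-queries the forwarder every few seconds and reports the minimum TTL in each answer section, so a 0 shows up exactly where the post describes it, and the same parser can be pointed at any captured response. The resolver address 127.0.0.1, the name example.com and the sample response bytes are assumptions constructed for illustration.

```python
import socket, struct, time

def build_query(name, qid=0x1234, qtype=1):
    """Minimal DNS query (RD=1, class IN) for `name`; qtype 1 = A."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:                # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def answer_ttls(msg):
    """Return the TTL of every RR in the answer section of a DNS response."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    ttls = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        _type, _cls, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return ttls

def probe(server, name, interval, count=3, port=53):
    """Query `server` every `interval` s; return the minimum answer TTL per round."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(2.0)
        for i in range(count):
            sock.sendto(build_query(name, qid=0x1000 + i), (server, port))
            reply, _ = sock.recvfrom(4096)
            ttls = answer_ttls(reply)
            seen.append(min(ttls) if ttls else None)   # None: empty answer section
            time.sleep(interval)
    return seen

# Constructed sample (not captured traffic): example.com A, one RR at TTL 5, one at TTL 0.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 5, 4) + bytes([192, 0, 2, 1])
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 0, 4) + bytes([192, 0, 2, 2])
)
```

Running `probe("127.0.0.1", "example.com", 5)` against the forwarder with the post's 5-second re-query interval returns one minimum TTL per round; a 0 in any round after the first is the behaviour the post describes.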