Dear Folks,

On 25/10/18 18:10 +1100, Nick Urbanik via Unbound-users wrote:
I am puzzled by the behaviour of our multi-level DNS system which answered many queries for names having shorter TTLs with SERVFAIL.
I mean that SERVFAILs went up to 50% of replies, and current names with TTLs of around 300 failed to be fetched by the resolver, the last DNS servers in the chain. What I mean is that adding these two configuration options (serve-expired: "yes" and cache-min-ttl: 30) caused an outage. I am trying to understand why. Any ideas in understanding the mechanism would be very welcome.
By multilevel, I mean clients talk to one server, which forwards to another, and for some clients, there is a third level of caching.

So it was unwise to add:

    serve-expired: "yes"
    cache-min-ttl: 30

to the server section of these DNS servers running unbound 1.6.8 on up-to-date RHEL 7? Please could anyone cast some light on why this was so? I will be spending some time examining the cause. If you need more information, please let me know.
--
Nick Urbanik http://nicku.org [email protected]
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
