On Mon, 31 Mar 2014, Dave Warren wrote:
> After the VPN has been interrupted, I see SERVFAIL from unbound for all
> queries, despite the fact that the VPN is now available and I can query the
> DNS servers across the VPN directly. If I wait, it will resolve itself
> eventually. Restarting unbound resolves the problem immediately, so I think
> it's a case of unbound caching that the NS are unresponsive and not trying
> again.
>
> How do I confirm the problem and/or what can I do to encourage unbound to try
> again? Or is there a way to tell unbound to always consider the NS
> responsible for this zone to be available?

What libreswan/openswan does is when the VPN connection goes up or down,
it will signal unbound to flush the cache for that domain. That also
helps for domains that look different internal from external.

So the easy fix for you is on VPN up/down to run:

    unbound-control flush_zone example.com
    unbound-control flush_requestlist

Paul
_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
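
The two commands from the reply above, wrapped as a VPN up/down hook; this is an added example, not part of the original message and not libreswan/openswan code. The script name `vpn-dns-flush.sh`, the `UNBOUND_CONTROL` override and the zone-name check are assumptions of the example, and how the hook gets called depends on the VPN software in use.

```sh
#!/bin/sh
# Added example: flush unbound state for VPN-only zones after a tunnel
# goes up or down. Zone names are passed as arguments by the VPN hook.

# Accept only plain DNS names, so a value supplied by the VPN peer or a
# config file cannot be read by unbound-control as an option.
valid_zone() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

flush_vpn_zones() {
    # UNBOUND_CONTROL is a hypothetical override used by this example.
    uc="${UNBOUND_CONTROL:-unbound-control}"
    rc=0
    for zone in "$@"; do
        if ! valid_zone "$zone"; then
            echo "skipping invalid zone name: $zone" >&2
            rc=1
            continue
        fi
        # Drop cached data at or below the zone so it is looked up again.
        "$uc" flush_zone "$zone" || rc=1
    done
    # Drop queries still in progress from before the tunnel changed state.
    "$uc" flush_requestlist || rc=1
    return "$rc"
}

# Run only when zone names are given, e.g.: vpn-dns-flush.sh example.com
if [ "$#" -gt 0 ]; then
    flush_vpn_zones "$@"
fi
```

A non-zero exit status means at least one zone name was rejected or an unbound-control call failed, so the hook's caller can log it.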