On Mon, Mar 31, 2014 at 11:24:47AM -0700, Dave Warren wrote: > I have a permanent VPN between a couple sites which is not entirely > reliable, and unbound is configured with a stub zone pointing to > name servers within 192.168/16 space. > > The zone is defined in my unbound.conf as: example.com. IN stub > noprime: 192.168.182.1 > > After the VPN has been interrupted, I see SERVFAIL from unbound for > all queries, despite the fact that the VPN is now available and I > can query the DNS servers across the VPN directly. If I wait, it > will resolve itself eventually. Restarting unbound resolves the > problem immediately, so I think it's a case of unbound caching that > the NS are unresponsive and not trying again. > > How do I confirm the problem and/or what can I do to encourage > unbound to try again? Or is there a way to tell unbound to always > consider the NS responsible for this zone to be available? >
Hi Dave, So there are a few things and possible solutions I can tell you about: - Yes, Unbound is probably caching that it couldn't connect to the nameserver and thus when you ask it again shortly after your VPN is down, it will just respond with: this domain is no good - Unbound has a commandline tool called: unbound-control which allows you to ask Unbound for all kinds of information or ask it to do something. - For example you can ask Unbound what it thinks about your domain: unbound-control lookup example.com - Or ask Unbound to show you what it remembered about certain servers: unbound-control dump_infra - Or ask Unbound to forgot what it knows about a certain domain: unbound-control flush_zone example.com - Now if your VPN software supports it, you might be able to configure that software to automatically flush the information about your example.com zone when it is connected. - For example OpenVPN has an 'up' script option when it is connected again, which can call a script with this line: unbound-control flush_zone example.com Hope this is helpful to you. Have a good day, Leen. > -- > Dave Warren > http://www.hireahit.com/ > http://ca.linkedin.com/in/davejwarren > > > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
