Hi, Eduardo: It seems that all nameservers of "315ye.zj.cn" (ns1.22.cn, ns2.22.cn) are completely down and no response; In Unbound "infra" database all NS of "315ye.zj.cn" should be marked as "rto 120000", which means "not responsible".
$ unbound-control dump_infra | grep 315ye.zj.cn 121.12.104.72 315ye.zj.cn. ttl 4 ping 0 var 94 rtt 376 rto 120000 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0 121.12.104.73 315ye.zj.cn. ttl 0 ping 0 var 94 rtt 376 rto 120000 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0 218.66.171.136 315ye.zj.cn. ttl 6 ping 0 var 94 rtt 376 rto 120000 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0 218.66.171.137 315ye.zj.cn. ttl 2 ping 0 var 94 rtt 376 rto 120000 tA 3 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0 In this case Unbound stops resolving names under the zone (returns SERVFAIL for user queries) for a while. Unbound's "ratelimit" feature ratelimits number of queries from Unbound to nameservers, not from user to Unbound. So my guess is: Unbound should already had stopped resolving "315ye.zj.cn" because all the NSs are down, so its "ratelimit" feature no longer detect excessive queries to "315ye.zj.cn" nameservers. Regards, -- Daisuke Higashi
