Including unbound users.
-- Respectfully Mahdi A. Mahdi ________________________________ From: Mahdi Adnan <[email protected]> Sent: Thursday, July 6, 2017 10:49 AM To: W.C.A. Wijngaards Subject: Re: Unbound Srvfail cache Hi Wouter, The issue does scale for more than 15 minutes, and it will keeps on this behavior unless i restart the service or flush the cache. Version 1.4.20 is the latest from redhat. I configured infra-host-ttl to 120 seconds, will see if this helps. Thanks you very much. -- Respectfully Mahdi A. Mahdi ________________________________ From: Unbound-users <[email protected]> on behalf of W.C.A. Wijngaards via Unbound-users <[email protected]> Sent: Thursday, July 6, 2017 10:23:06 AM To: [email protected] Subject: Re: Unbound Srvfail cache Hi Mahdi, Unbound only probes every 15 minutes (infra-ttl) to see if servers are back up. You could lower infra-ttl in your config. Also, you could update, 1.4.20 is from 2012. Perhaps the newer version does not have this issue in this manner. You can also flush the infra cache, with unbound-control flush_infra all, that way you don't lose the DNS cache. Best regards, Wouter On 06/07/17 08:05, Mahdi Adnan via Unbound-users wrote: > Hi folks, > > > We have a situation here with Unbound, during internet outage for an > hour or so, Unbound keeps replying with server servfail for valid > domains even after it gain access to internet, to fix this, i have to > reload or restart Unbound. > > This happens every time we lose internet for more than 30 minutes or so. > > Any way to fix this ? > > Appreciate your time. > > > OS: CentOS 7.3 > > Unbound: Version 1.4.20 > > > Config: > > > server: > > access-control: 0.0.0.0/0 deny > access-control: x.x.x.x/x allow > verbosity: 1 > statistics-interval: 0 > statistics-cumulative: no > extended-statistics: yes > num-threads: 16 > interface: xx.xx.xx.xx > interface: xx.xx.xx.xx > interface: xx.xx.xx.xx > interface: xx.xx.xx.xx > interface: 127.0.0.1 > interface-automatic: no > port: 53 > outgoing-range: 8196 > num-queries-per-thread: 1600 > outgoing-num-tcp: 100 > incoming-num-tcp: 100 > so-rcvbuf: 8m > so-sndbuf: 8m > msg-cache-size: 2G > rrset-cache-size: 4G > msg-cache-slabs: 16 > rrset-cache-slabs: 16 > infra-cache-slabs: 16 > infra-cache-numhosts: 10000000 > do-ip4: yes > do-ip6: yes > do-udp: yes > do-tcp: yes > do-daemonize: yes > chroot: "" > username: "unbound" > directory: "/etc/unbound" > logfile: "/var/log/unbound.log" > log-queries: no > use-syslog: yes > log-time-ascii: yes > pidfile: "/var/run/unbound/unbound.pid" > root-hints: "/etc/unbound/root.hints" > hide-identity: yes > hide-version: yes > harden-glue: yes > harden-dnssec-stripped: yes > harden-below-nxdomain: yes > harden-referral-path: yes > use-caps-for-id: no > unwanted-reply-threshold: 100000 > prefetch: yes > prefetch-key: yes > rrset-roundrobin: yes > minimal-responses: yes > trusted-keys-file: /etc/unbound/keys.d/*.key > auto-trust-anchor-file: "/var/lib/unbound/root.key" > val-log-level: 1 > key-cache-size: 1G > key-cache-slabs: 16 > neg-cache-size: 1k > include: /etc/unbound/local.d/*.conf > # Remote control config section. > remote-control: > control-enable: yes > # control-interface: 127.0.0.1 > # control-port: 953 > server-key-file: "/etc/unbound/unbound_server.key" > server-cert-file: "/etc/unbound/unbound_server.pem" > control-key-file: "/etc/unbound/unbound_control.key" > control-cert-file: "/etc/unbound/unbound_control.pem" > # Stub and Forward zones > include: /etc/unbound/conf.d/*.conf > > > > -- > > Respectfully* > **Mahdi A. Mahdi* >
