On Wed, 23 May 2018 08:11:09 +0200 "W.C.A. Wijngaards via Unbound-users" <[email protected]> wrote:
> Hi Dmitry,
>
> On 19/05/18 03:59, Dmitri Kourennyi via Unbound-users wrote:
> > More investigation results:
> >
> > I think the issue appears when unbound is trying to probe the master
> > servers for the auth_zone section. The logs show unbound doing lookups
> > on all the auth_zone domain names in my config, and I think unbound is
> > answering them from its own cache. After the lookups, I get the
> > following in the logs:
>
> Can you show the work that it does for looking up one of the root
> servers? Not getting an address must be causing it to not have
> content. But it does work (eventually), you say, once the long list
> appears, that means the AXFR has completed. Meanwhile you should
> have normal service, because the zone is loaded (the file that is
> configured has content, right?)? When a normal query arrives, it
> should just be answered with the auth-zone?
>
> The bug that was fixed in 1.7.1 (causes problem now?), supposedly
> fixes behaviour with respect to the forward-zones configured. Is
> that still not right somehow? Note that having a forward zone for
> "." and also an auth-zone 7706 for the root, in 1.7.1 answers only
> queries for the root itself from the root (only domain ".") and other
> queries from the forward-zone. Where in 1.7.0 it would pick the
> auth-zone referral and go make authoritative queries (and that was a
> bug and fixed). So, if 1.7.1 does not work, perhaps authoritative
> queries work, but the forward-zone does not work so well. And if you
> remove that, then unbound starts making authoritative queries again.
>
> That the root zone is downloaded every half hour is normal, that is
> exactly the AXFR of the root zone that the auth-zone is supposed to
> do. So that seems to be working fine and is keeping the root zone up
> to date.

I did hit this same issue with 1.7.1rc1 with just the root zone and without any forward zone. In my small installation unbound stopped answering queries after a day or two.

And the fix for the issue is removing auth-zone 7706. And this worked on 1.7.0.

--
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
