Prevent Unbound from penalty upstream server
On 2024-05-10 14:53 +01, Stuart Henderson <stu@spacehopper.org> wrote:
> I'd like to wait until the discussion with upstream goes further before
> making any changes to the default config.
>
>
agreed. I think it makes sense to set infra-keep-probing in unwind
though since it plays a completely different role than unbound.
I'm not entirely sure where Wouter got the 24h from.
infra-keep-probing: <yes or no>
If enabled the server keeps probing hosts that are down, in the
one probe at a time regime. Default is no. Hosts that are down,
eg. they did not respond during the one probe at a time period,
are marked as down and it may take infra-host-ttl time to get
probed again.
infra-host-ttl: <seconds>
Time to live for entries in the host cache. The host cache
contains roundtrip timing, lameness and EDNS support information.
Default is 900.
Anyway, OK?
diff --git resolver.c resolver.c
index e9d877b0135..ab9c06b87fd 100644
--- resolver.c
+++ resolver.c
@@ -1211,6 +1211,7 @@ static const struct {
{ "target-fetch-policy:", "0 0 0 0 0" },
{ "outgoing-range:", "64" },
{ "val-max-restart:", "0" },
+ { "infra-keep-probing", "yes" },
};
struct uw_resolver *
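Review bot: the added entry `{ "infra-keep-probing", "yes" },` lacks the trailing colon that every other entry in this table carries (`"val-max-restart:"`, `"outgoing-range:"`, `"target-fetch-policy:"`); since these names are handed to ub_ctx_set_option, which expects the unbound.conf key including its ':', the option would be rejected rather than applied. Change it to `{ "infra-keep-probing:", "yes" },`.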
> On 2024/05/10 14:23, Kirill A. Korinsky wrote:
>> tech@,
>>
>> I'd like to offer a change in unbound default settings that prevents Unbound
>> from penalizing an upstream server for up to 24h.
>>
>> Here is a long discussion about such behaviour [1] and here is the comment [2]
>> where one of the Unbound developers explains that behaviour.
>>
>> The suggested changes switch off that "feature" and force Unbound to try
>> to reach an upstream server for each request, which seems like the expected
>> behaviour for a DNS resolver.
>>
>> Footnotes:
>> [1] https://github.com/NLnetLabs/unbound/issues/362
>>
>> [2] https://github.com/NLnetLabs/unbound/issues/362#issuecomment-2079235443
>>
>> diff --git etc/unbound.conf etc/unbound.conf
>> index b33c099d70f..c406d683d33 100644
>> --- etc/unbound.conf
>> +++ etc/unbound.conf
>> @@ -29,6 +29,19 @@ server:
>> #
>> aggressive-nsec: yes
>>
>> + # Unbound penalizes the upstream server for up to 24 hours if it is
>> + # not responding particularly well. When it happens, Unbound returns
>> + # SERVFAIL for every request to that upstream server.
>> + # Here we disable this feature and set the timeout between
>> + # attempts to reach the upstream server between 2 and 15 seconds,
>> + # but make no more than 16 attempts to reach the upstream server
>> + # before returning SERVFAIL.
>> + # See: https://github.com/NLnetLabs/unbound/issues/362
>> + infra-keep-probing: yes
>> + outbound-msg-retry: 16
>> + infra-cache-min-rtt: 2000
>> + infra-cache-max-rtt: 15000
>> +
>> # Serve zones authoritatively from Unbound to resolver clients.
>> # Not for external service.
>> #
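Review bot: the comment block leads with a fixed "up to 24 hours" figure that the thread cannot source (the infra-host-ttl text quoted later in the thread gives a 900-second default), so describe the mechanism instead: a host that fails its probe is marked down and is not probed again until its infra-host-ttl entry expires. The comment also says "between 2 and 15 seconds" for infra-cache-min-rtt/max-rtt while the values are given in milliseconds (2000, 15000); name the unit so a later edit does not mismatch them. Since this is the shipped default config, also note that outbound-msg-retry: 16 raises the retry count for every query, not only those towards a penalised host.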
>>
>>
>> --
>> wbr, Kirill
>>
>
--
In my defence, I have been left unsupervised.