From: Florian Obser
Subject: Re: Prevent Unbound from penalty upstream server
To: "Kirill A. Korinsky"
Cc: OpenBSD tech
Date: Fri, 10 May 2024 16:26:00 +0200

On 2024-05-10 14:53 +01, Stuart Henderson wrote:
> I'd like to wait until the discussion with upstream goes further before
> making any changes to the default config.
>

agreed.

I think it makes sense to set infra-keep-probing in unwind though since
it plays a completely different role than unbound.

I'm not entirely sure where Wouter got the 24h from.

    infra-keep-probing:
        If enabled the server keeps probing hosts that are down, in the
        one probe at a time regime. Default is no. Hosts that are down,
        eg. they did not respond during the one probe at a time period,
        are marked as down and it may take infra-host-ttl time to get
        probed again.

    infra-host-ttl:
        Time to live for entries in the host cache. The host cache
        contains roundtrip timing, lameness and EDNS support information.
        Default is 900.

Anyway, OK?

diff --git resolver.c resolver.c
index e9d877b0135..ab9c06b87fd 100644
--- resolver.c
+++ resolver.c
@@ -1211,6 +1211,7 @@ static const struct {
 	{ "target-fetch-policy:", "0 0 0 0 0" },
 	{ "outgoing-range:", "64" },
 	{ "val-max-restart:", "0" },
+	{ "infra-keep-probing", "yes" },
 };
 
 struct uw_resolver *

> On 2024/05/10 14:23, Kirill A. Korinsky wrote:
>> tech@,
>>
>> I'd like to offer a change in unbound default settings that prevents Unbound
>> from penalizing an upstream server for up to 24h.
>>
>> Here is a long discussion about such behaviour [1] and here is the comment [2]
>> where one of the Unbound developers explains that behaviour.
>>
>> The suggested change switches off that "feature" and forces Unbound to try
>> to reach an upstream server for each request, which seems like the expected
>> behaviour for a DNS resolver.
>>
>> Footnotes:
>> [1] https://github.com/NLnetLabs/unbound/issues/362
>>
>> [2] https://github.com/NLnetLabs/unbound/issues/362#issuecomment-2079235443
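Review bot: the added entry `{ "infra-keep-probing", "yes" },` is the only one in this table whose option name lacks the trailing colon; every neighbouring entry spells it as a config key with the colon (`"target-fetch-policy:"`, `"outgoing-range:"`, `"val-max-restart:"`). It should read `{ "infra-keep-probing:", "yes" },` to match the rest of the table, and it is worth checking, when the table is applied, that the option is really accepted rather than silently ignored because of the differently spelled key.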
>>
>> diff --git etc/unbound.conf etc/unbound.conf
>> index b33c099d70f..c406d683d33 100644
>> --- etc/unbound.conf
>> +++ etc/unbound.conf
>> @@ -29,6 +29,19 @@ server:
>>  	#
>>  	aggressive-nsec: yes
>>  
>> +	# Unbound penalizes the upstream server for up to 24 hours if it is
>> +	# not responding particularly well. When it happens, Unbound returns
>> +	# SERVFAIL for every request to that upstream server.
>> +	# Here we disable this feature and set the timeout between
>> +	# attempts to reach the upstream server between 2 and 15 seconds,
>> +	# but make no more than 16 attempts to reach the upstream server
>> +	# before returning SERVFAIL.
>> +	# See: https://github.com/NLnetLabs/unbound/issues/362
>> +	infra-keep-probing: yes
>> +	outbound-msg-retry: 16
>> +	infra-cache-min-rtt: 2000
>> +	infra-cache-max-rtt: 15000
>> +
>>  	# Serve zones authoritatively from Unbound to resolver clients.
>>  	# Not for external service.
>>  	#
>>
>>
>> --
>> wbr, Kirill
>>
>

--
In my defence, I have been left unsupervised.
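Review bot: the "up to 24 hours" in the first comment line is not backed by anything in this thread; the unbound.conf(5) text quoted above gives infra-host-ttl a default of 900 seconds and only says a host marked down "may take infra-host-ttl time to get probed again", so either cite where the 24h figure comes from or drop the number. The comment also talks in seconds while `infra-cache-min-rtt: 2000` and `infra-cache-max-rtt: 15000` are millisecond values; say "2000 and 15000 ms (2 to 15 seconds)" so the unit cannot be misread when someone edits the values later. Finally, this hunk changes the shipped default etc/unbound.conf for every install, which is exactly what the request above to wait for the upstream discussion is about.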
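As an added example, written for this page and not code from the thread, from unwind or from Unbound: a small audit of the options discussed above. It parses the `server:` clause of an unbound.conf fragment, fills in the two defaults quoted from the man page in the thread (infra-keep-probing defaults to no, infra-host-ttl to 900 seconds) and reports how long a non-responding upstream could go unprobed under that configuration. The sample config text is constructed, and the function names are my own.

```python
"""Audit infra-cache related settings in an unbound.conf server: clause.

Constructed example. The only defaults applied are the two quoted from
unbound.conf(5) in the thread: infra-keep-probing "no", infra-host-ttl 900.
"""
import re

DEFAULTS = {
    "infra-keep-probing": "no",   # default quoted in the thread
    "infra-host-ttl": "900",      # seconds, default quoted in the thread
}

# Constructed sample: the four lines from the proposed etc/unbound.conf
# change, plus a remote-control: clause that the parser must ignore.
SAMPLE_CONF = """\
server:
\tverbosity: 1
\t# comment lines are skipped
\tinfra-keep-probing: yes
\toutbound-msg-retry: 16
\tinfra-cache-min-rtt: 2000
\tinfra-cache-max-rtt: 15000
remote-control:
\tcontrol-enable: yes
"""

# "option-name: value   # optional trailing comment"
OPTION_RE = re.compile(r"^\s*([a-z0-9-]+):\s*(.*?)\s*(?:#.*)?$")


def parse_server_section(text):
    """Return {option: value} for the indented lines of the server: clause."""
    opts = {}
    in_server = False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():
            # unindented line: a clause header such as server: or remote-control:
            in_server = stripped == "server:"
            continue
        if not in_server:
            continue
        m = OPTION_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts


def down_host_exposure(opts):
    """How long a host marked down may stay unprobed, per the quoted man page.

    With infra-keep-probing off, a host marked down may wait infra-host-ttl
    seconds before being probed again; with it on, probing continues, so the
    forced wait is reported as 0.
    """
    keep = opts.get("infra-keep-probing",
                    DEFAULTS["infra-keep-probing"]).lower() == "yes"
    ttl = int(opts.get("infra-host-ttl", DEFAULTS["infra-host-ttl"]))
    return {
        "keep_probing": keep,
        "infra_host_ttl_s": ttl,
        "max_unprobed_s": 0 if keep else ttl,
    }


def rtt_bounds_s(opts):
    """(min, max) RTT bounds converted from milliseconds to seconds, None if unset."""
    def get(key):
        v = opts.get(key)
        return None if v is None else int(v) / 1000.0
    return get("infra-cache-min-rtt"), get("infra-cache-max-rtt")


if __name__ == "__main__":
    parsed = parse_server_section(SAMPLE_CONF)
    print("parsed:", parsed)
    print("down-host exposure:", down_host_exposure(parsed))
    print("rtt bounds (s):", rtt_bounds_s(parsed))
    print("same audit with no infra options set:", down_host_exposure({}))
```

Run it on a real `/var/unbound/etc/unbound.conf` by reading the file into `parse_server_section`; the interesting output is `max_unprobed_s`, which is 900 with the defaults and 0 once `infra-keep-probing: yes` is present.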