Hi all,
I have just installed unbound on win10 as a simple DOT caching resolver. Although it seems to be working very well, there seem to be stability issues. For example, yesterday I had to reboot my Internet router. Once the router was back online and Internet was restored, my DNS queries did not work on any of my home network; I had to restart the unbound service before it would work again. Today, when I left home, where DNS was working fine, and came into my office, DNS also did not work. I had to restart the service again and it started working. I tested another device that had never previously used this DNS server; it also would not work until the service was restarted.
I am exposing my DNS server to the internet and have my Android device configured to use it as a private DNS server by host name pointing to my public IP. I turned up the logging level but nothing really seems relevant to me.
Any ideas on what may be causing this?
regards
Hi Aimee,
Unbound keeps track of authoritative servers that are unresponsive so that it can avoid overloading them with retries. It seems possible that during the brief period of disconnection from the Internet all of the nameservers needed to satisfy queries for particular names were all unavailable at the same time, and Unbound is avoiding using them for some period, following the same logic.
The infra-keep-probing and infra-host-ttl options in unbound.conf might be worth fiddling with if this sounds plausible.
https://nlnetlabs.nl/documentation/unbound/unbound.conf/
Based on what you describe I believe Joe is spot on about what is happening.
Along with fiddling with the infra-* related options in unbound.conf, a harder step is to use `unbound-control.exe flush_infra all`.
This instructs unbound to flush all the meta information it has on upstream servers.
That could also prove useful to verify that this is indeed what is happening in your case.
Best regards,
-- George
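One way to run the check George describes, as an added example that is not part of the original thread: the PowerShell script below tests resolution through the local Unbound, saves the infra cache, runs `flush_infra all`, and tests again. The install path, the test names and an enabled remote-control section in unbound.conf are assumptions.

```powershell
# Added example. Assumptions (not from the thread): the install path, the test
# names, and that remote-control is enabled (control-enable: yes) in unbound.conf,
# with control-interface left on 127.0.0.1 since this resolver is Internet-facing.
$UnboundControl = 'C:\Program Files\Unbound\unbound-control.exe'   # assumed path
$Resolver       = '127.0.0.1'                                       # local Unbound
$TestNames      = @('example.com', 'example.org')                   # constructed; use names unlikely to be cached
$DumpFile       = Join-Path $env:TEMP ("unbound-infra-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))

function Get-FailedNames {
    param([string[]]$Names, [string]$Server)
    # Return the names that do not resolve through the given server.
    $failed = @()
    foreach ($name in $Names) {
        try {
            Resolve-DnsName -Name $name -Server $Server -Type A -DnsOnly -ErrorAction Stop | Out-Null
        } catch {
            $failed += $name
        }
    }
    return $failed
}

$before = @(Get-FailedNames -Names $TestNames -Server $Resolver)
if ($before.Count -eq 0) {
    Write-Output 'All test names resolve; nothing to flush.'
} else {
    Write-Output ("Failing before flush: " + ($before -join ', '))

    # Keep a copy of the infra cache so the entries can be inspected afterwards.
    & $UnboundControl dump_infra | Out-File -FilePath $DumpFile -Encoding utf8
    Write-Output "Infra cache saved to $DumpFile"

    & $UnboundControl flush_infra all
    if ($LASTEXITCODE -ne 0) { throw 'unbound-control flush_infra failed' }

    $after = @(Get-FailedNames -Names $TestNames -Server $Resolver)
    $recovered = @($before | Where-Object { $after -notcontains $_ })
    if ($recovered.Count -gt 0) {
        Write-Output ("Recovered after flush: " + ($recovered -join ', '))
        Write-Output 'Consistent with stale infra-cache entries; tune infra-host-ttl / infra-keep-probing.'
    } else {
        Write-Output 'Still failing after flush; the infra cache is probably not the cause.'
    }
}
```

Run it from an elevated prompt while resolution is failing, before restarting the service, so the saved dump reflects the state that caused the failure.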
I encountered related issues in the past myself.
I wonder if it might make sense for Unbound to consider the situation where all possible nameservers for a particular query are believed to be unresponsive and still fire off a single query to one selected at random rather than failing the request completely?
Hello,
Thank you for pointing me at those options, they seem to have helped with one of the issues at least:
infra-keep-probing: yes
infra-host-ttl: 20
I can now switch networks between wifi, 4g and onto other wifi networks and maintain dns resolution!
I also seem to have found the issue of DNS not working after an upstream Internet failure. It looks like my public IP address changes every time my device reboots, therefore the TLS tunnel my phone is trying to hold on to no longer exists. Disabling privateDNS and re-enabling it again is all that seems to be needed to fix it. Luckily it's not something that happens too often, and at $15 for a static IP I think I can live with it as is.
regards
I was just reading through the documentation and stumbled across infra-keep-probing. Unfortunately my unbound is still a bit too old to use it, but I’ll see if upgrading is possible on pfSense without causing myself future issues.
Thanks for the pointer on that one!