Unbound and Timeouts

Unbound
1

Hi Again :slight_smile:

So I have been testing unbound quite extensively over the past couple of days and am really liking it.

I have a question though, regarding timeouts.

A ‘unbound-control dump_requestlist’ shows the following

thread #0

type cl name seconds module status

0 A IN cascata.com. 123.845855 iterator wait for 69.90.13.6
1 A IN 68-116-240-174.dhcp.ftca.co.charter.com. 123.919558 iterator wait for 66.191.36.11
2 PTR IN 3.178.248.207.in-addr.arpa. 151.365325 iterator wait for 204.153.24.1
3 PTR IN 5.136.26.58.in-addr.arpa. 152.588019 iterator wait for 58.26.136.10
4 PTR IN 10.247.62.207.in-addr.arpa. 146.790214 iterator wait for 207.62.235.40
5 PTR IN 30.247.62.207.in-addr.arpa. 156.369539 iterator wait for 207.62.235.40
6 PTR IN 38.49.154.204.in-addr.arpa. 129.552641 iterator wait for 204.154.48.15
7 PTR IN 55.17.184.167.in-addr.arpa. 126.195268 iterator wait for 167.184.128.29
8 PTR IN 71.247.62.207.in-addr.arpa. 156.820779 iterator wait for 207.62.235.40
9 PTR IN 114.113.195.166.in-addr.arpa. 144.681431 iterator wait for 209.183.48.20
10 PTR IN 116.189.34.200.in-addr.arpa. 154.386975 iterator wait for 200.34.109.90
11 PTR IN 120.236.9.204.in-addr.arpa. 135.154707 iterator wait for 66.172.144.3
12 PTR IN 123.236.9.204.in-addr.arpa. 135.155951 iterator wait for 66.172.144.3
13 PTR IN 135.25.43.211.in-addr.arpa. 155.581005 iterator wait for 210.104.1.3
14 PTR IN 139.247.62.207.in-addr.arpa. 152.166376 iterator wait for 207.62.234.180
15 PTR IN 170.205.77.63.in-addr.arpa. 126.063830 iterator wait for 69.44.24.3
16 PTR IN 212.89.117.217.in-addr.arpa. 130.618862 iterator wait for 217.117.80.1
17 PTR IN 250.244.194.66.in-addr.arpa. 130.165708 iterator wait for 24.154.1.7
18 PTR IN 253.71.43.211.in-addr.arpa. 113.330439 iterator wait for 210.204.251.22

According to dig +trace, most of the errors are Bad Referrals. An example being

247.62.207.in-addr.arpa. 86400 IN NS smcdns1.smccd.net.
247.62.207.in-addr.arpa. 86400 IN NS candns1.smccd.net.
;; Received 129 bytes from 130.150.102.100#53(ns1.csu.net) in 264 ms

247.62.207.in-addr.arpa. 64122 IN NS smcdns1.smccd.net.
247.62.207.in-addr.arpa. 64122 IN NS candns1.smccd.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 129 bytes from 207.62.234.180#53(candns1.smccd.net) in 259 ms

247.62.207.in-addr.arpa. 64122 IN NS candns1.smccd.net.
247.62.207.in-addr.arpa. 64122 IN NS smcdns1.smccd.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 129 bytes from 207.62.234.180#53(candns1.smccd.net) in 265 ms

How many Bad referrals need to be received before being classed as a SERVFAIL and how long
will the query be worked on until it times out ?

Thanks

Gareth

2

You seem to have a busy server. Therefore at any moment it will
be waiting for something. These bad referrals may be causing the
most load on the server.

If the target gives bad referrals, another nameserver will be tried, and
if all nameservers give bad referrals, unbound tries a couple times and
then give up. Should be very quick (depending on the RTT to those servers).

Timeouts depend on the RTT to the servers.

Best regards,
   Wouter