My server has an authoritative Bind round robin configuration for a
given record (rrset), where the ips are of different networks, eg:
mail.emp.intranet. A 192.168.50.20
A 192.168.50.21
A 10.16.16.20
A 10.16.16.20
When my application directly query my server Bind all ips are utilized
in connection, but when my application query my server Unbound ips
network 10.XXX are never recovered.
My configuration is:
- Centos 5.4: Application Server
- Centos 6 / Bind 9.9.1: authoritative server
- Centos 6 / Unbound: cache / recursive
I believe bind randomizes the order, while unbound just returns the
static order. the application is apparently always picking the first
entry.
More people have been hit by this in the past. Perhaps a switch
could be added to unbound to randomize these like bind does.
(even though round robin DNS as load balancer isn't a terribly
good idea to begin with)
See the rrset-roundrobin option as of Unbound 1.4.17:
rrset-roundrobin: <yes or no>
If yes, Unbound rotates RRSet order in response (the random num-
ber is taken from the query ID, for speed and thread safety).
Default is no.
Do you protect your private addresses, i.e. 10/8 ? That would cause
unbound to remove the 10/8 addresses from the response, leaving the
other address. This is the private-address option in unbound.conf.
I agree that the private network is an important factor but these are
networks of example, and wanted to illustrate that I'm using separate
networks setup round robin.
When I consult dig through the respotas are alternate, but when I use
nc, telnet or python to test the response does not always work as it
should.
Today I tested with Centos 6 and ran the query in Umbound and Bind,
can be a problem with libresolv or libc?
The Centos 5.4 does not work on Unbound, noting that the tests were
the same in both operating systems using (telnet nc.. Python. Dig and
internal application developed internally)