[Pkg-dns-devel] Bug#808204: [regression] unbound returns failures and IPv6 addresses on initial boot and after network outages
Robert Edmonds
edmonds at debian.org
Fri Dec 18 03:54:42 UTC 2015
Paul Wise wrote:
> There are two scenarios when this happens:
>
> When I reboot my laptop, the issue happens after it has started up and
> connected to the wireless connection.
>
> When I reboot my router, the issue happens after my laptop has
> reconnected to the wireless connection.
Ah, OK. How do you bring up the wireless connection on your laptop?
NetworkManager, etc.?
Any difference if you try a wired connection instead? (If your laptop
has a wired Ethernet port.)
> > What do you mean by returning IPv6 addresses? Unbound is a DNS server,
> > so it will return AAAA records, if asked. It's up to the DNS client to
> > not ask AAAA records if they're not needed.
>
> For example, wget normally prints both IPv4 and IPv6 addresses for
> domains with both A and AAAA, but after the reconnection, it only
> prints IPv6 addresses or can't resolve at all, depending on the domain.
That's odd, but I guess wget doesn't display an IP address at all when a
DNS query SERVFAILs, and I could easily see how an AAAA could be cached
while the A isn't.
> > This sounds very similar to #791659, but that was reported against
> > 1.4.22-3.
>
> I didn't have the issues with that version, which is why I didn't reply
> to that one. I think that flushing all failures from the cache after a
> reconnection should do it. I'll try a `flush_infra all` next time.
Can you try downgrading to 1.4.22-3 and see if it reliably behaves as
expected when you reboot your laptop and router? If you can make 1.4.22
fail, then I suspect #791659 and this bug are the same, but if not, it
might be an upstream bug.
> > The default "infra-host-ttl" setting is 900 seconds (15 minutes). I
> > wonder if you lower this aggressively (e.g. "infra-host-ttl: 5"), if
> > Unbound would recover more quickly.
>
> Even 5 minutes would be too long to wait TBH.
Yes, of course, but the parameter is specified in seconds, not minutes,
so "infra-host-ttl: 5" should cause the entries in the infra cache to
expire after 5 seconds :-)
> pabs at chianamo ~ $ sudo /usr/sbin/unbound-control forward
> off (using root hints)
>
> It is strange I'm not using forwarding, because the router definitely
> returns DNS info in DHCP replies. Maybe dnssec-trigger is breaking it.
I'm not that familiar with dnssec-trigger, but it might be because
dnssec-trigger feeds DNS nameserver information to unbound dynamically
with "unbound-control forward ...", and if you restarted Unbound since
the last time dnssec-trigger did that, Unbound would start up without a
list of forwarders?
--
Robert Edmonds
edmonds at debian.org