lost and found ( for me ? )

Cache DNS : How BIND or unbound handles Auth servers that return SERVFAIL or unreachable

caching server ( BIND 9.9.1 or unbound 1.4.7 )
    |
internal root
    |
internal com
    |
aaaa.com ( two name servers : ns1.aaaa.com and ns2.aaaa.com )

[ when ns1.aaaa is unreachable and ns2.aaaa.com works well ]

- unbound 1.4.7

After unbound detects that ns1.aaaa.com is unreachable, it resolves the given queries through ns2.aaaa.com.

ns1.aaaa.com : unreachable
ns2.aaaa.com : works well
unbound 1.4.7 : unbound sends queries to ns2.aaaa.com and does not send queries to ns1.aaaa.com for 900 seconds.


Here’s the cap data taken on ns1.aaaa.com and ns2.aaaa.com.

As the cap data shows, unbound does not send queries to an auth server that is unreachable for 900 seconds.

the cap data on ns1.example.com ( unbound 192.168.0.1 , ns1.example.com : 192.168.0.2 )
 0.000000 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 3.aaaa.com
 0.300048 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 6.aaaa.com
 0.376270 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 3.aaaa.com
 0.400006 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 7.aaaa.com
 0.499946 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 8.aaaa.com
 0.676344 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 6.aaaa.com
 0.700079 192.168.0.1 -> 192.168.0.2 DNS 82 Standard query A 10.aaaa.com
 0.776033 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 7.aaaa.com
 0.876223 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 8.aaaa.com
 1.076093 192.168.0.1 -> 192.168.0.2 DNS 82 Standard query A 10.aaaa.com
900.103775 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9004.aaaa.com
900.202465 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9005.aaaa.com
900.302595 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9006.aaaa.com
900.402598 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9007.aaaa.com
900.478800 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9004.aaaa.com
900.502539 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9008.aaaa.com
900.578741 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9005.aaaa.com
900.678931 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9006.aaaa.com
900.702667 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9010.aaaa.com
900.778874 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9007.aaaa.com
900.802608 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9011.aaaa.com
900.878815 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9008.aaaa.com
901.078945 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9010.aaaa.com
901.178889 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9011.aaaa.com
1801.406816 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18017.aaaa.com
1801.505271 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18018.aaaa.com
1801.705396 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18020.aaaa.com
1801.781352 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18017.aaaa.com
1801.881550 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18018.aaaa.com
1802.005210 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18023.aaaa.com
1802.081428 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18020.aaaa.com
1802.105418 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18024.aaaa.com
1802.381504 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18023.aaaa.com
1802.481444 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18024.aaaa.com


the cap data on ns2.example.com  ( unbound 192.168.0.1 , ns2.example.com : 192.168.0.3 )
1799.914518 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1
1800.014158 192.168.0.1 -> 192.168.0.3 DNS 85 Standard query A 18000.aaaa.com
1800.014471 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1
1800.114129 192.168.0.1 -> 192.168.0.3 DNS 85 Standard query A 18001.aaaa.com
1800.114387 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1
1800.214057 192.168.0.1 -> 192.168.0.3 DNS 85 Standard query A 18002.aaaa.com
1800.214286 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1
1800.314254 192.168.0.1 -> 192.168.0.3 DNS 85 Standard query A 18003.aaaa.com
1800.314519 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1
1800.414196 192.168.0.1 -> 192.168.0.3 DNS 85 Standard query A 18004.aaaa.com
1800.414471 192.168.0.3 -> 192.168.0.1 DNS 169 Standard query response A 20.0.0.1


- BIND 9.9.1
ns1.aaaa.com : unreachable
ns2.aaaa.com : works well
BIND 9.9.1 : BIND sends queries to ns2.aaaa.com and does not send queries to ns1.aaaa.com for about 26 seconds.


the cap data on ns1.aaaa.com ( BIND 192.168.0.1 , ns1.aaaa.com 192.168.0.2 )

As the cap data shows, BIND doesn’t send queries to an auth server that is unreachable for about 26 seconds.
 0.000000 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 0.aaaa.com
26.796635 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 268.aaaa.com
53.496791 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 535.aaaa.com
80.096511 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 801.aaaa.com
106.596791 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 1066.aaaa.com
132.896935 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 1329.aaaa.com


the cap data on ns2.aaaa.com ( BIND 192.168.0.1 , ns2.aaaa.com 192.168.0.3 )
136.896846 192.168.0.1 -> 192.168.0.3 DNS 84 Standard query A 1369.aaaa.com
136.897086 192.168.0.3 -> 192.168.0.1 DNS 168 Standard query response A 20.0.0.1
136.996791 192.168.0.1 -> 192.168.0.3 DNS 84 Standard query A 1370.aaaa.com
136.997040 192.168.0.3 -> 192.168.0.1 DNS 168 Standard query response A 20.0.0.1
137.096980 192.168.0.1 -> 192.168.0.3 DNS 84 Standard query A 1371.aaaa.com
137.097250 192.168.0.3 -> 192.168.0.1 DNS 168 Standard query response A 20.0.0.1
137.196934 192.168.0.1 -> 192.168.0.3 DNS 84 Standard query A 1372.aaaa.com
137.197201 192.168.0.3 -> 192.168.0.1 DNS 168 Standard query response A 20.0.0.1
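
The hold-down periods read off the two ns1 captures above can be computed rather than eyeballed. This is an added example, not part of the original post: it groups the resolver's queries to the unreachable server into bursts and reports the time between burst starts. The function names and the 5-second `quiet` threshold are assumptions made for illustration.

```python
import re

# Capture summary line as shown on this page:
# "<time> <src> -> <dst> DNS <len> Standard query A <name>".
# Responses ("Standard query response ...") deliberately do not match.
QUERY = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+DNS\s+\d+\s+Standard query A\s+\S+")

def query_times(capture, resolver, auth):
    """Timestamps of queries the resolver sent to one authoritative server."""
    times = []
    for line in capture.splitlines():
        m = QUERY.match(line)
        if m and m.group(2) == resolver and m.group(3) == auth:
            times.append(float(m.group(1)))
    return sorted(times)

def bursts(times, quiet=5.0):
    """Group timestamps into bursts separated by more than `quiet` seconds."""
    groups = []
    for t in times:
        if groups and t - groups[-1][-1] <= quiet:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups

def holddown_intervals(capture, resolver, auth, quiet=5.0):
    """Seconds from the start of one burst to the start of the next."""
    starts = [g[0] for g in bursts(query_times(capture, resolver, auth), quiet)]
    return [round(b - a, 1) for a, b in zip(starts, starts[1:])]

# Excerpts of the ns1 captures shown above (first and last line of each burst).
UNBOUND_NS1 = """
 0.000000 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 3.aaaa.com
 1.076093 192.168.0.1 -> 192.168.0.2 DNS 82 Standard query A 10.aaaa.com
900.103775 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9004.aaaa.com
901.178889 192.168.0.1 -> 192.168.0.2 DNS 84 Standard query A 9011.aaaa.com
1801.406816 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18017.aaaa.com
1802.481444 192.168.0.1 -> 192.168.0.2 DNS 85 Standard query A 18024.aaaa.com
"""
BIND_NS1 = """
 0.000000 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 0.aaaa.com
26.796635 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 268.aaaa.com
53.496791 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 535.aaaa.com
80.096511 192.168.0.1 -> 192.168.0.2 DNS 83 Standard query A 801.aaaa.com
"""

if __name__ == "__main__":
    for name, cap in (("unbound 1.4.7", UNBOUND_NS1), ("BIND 9.9.1", BIND_NS1)):
        print(name, holddown_intervals(cap, "192.168.0.1", "192.168.0.2"))
```

Run against a full capture, the same functions show how long clients depend on the single remaining name server before the resolver probes the failed one again.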



[ when ns1.aaaa returns SERVFAIL and ns2.aaaa.com works well ]

- unbound 1.4.7
ns1.aaaa.com : servfail
ns2.aaaa.com : works well
unbound 1.4.7 : unbound sends queries to both auth servers ( ns1 , ns2 )


the cap data on ns1.example.com ( unbound 192.168.0.1 , ns1.aaaa.com 192.168.0.2 )
 9.399682 192.168.0.1 -> 192.168.0.2 DNS 82 Standard query A 95.aaaa.com
 9.399781 192.168.0.2 -> 192.168.0.1 DNS 82 Standard query response, Server failure
 9.498891 192.168.0.1 -> 192.168.0.2 DNS 82 Standard query A 96.aaaa.com
 9.499177 192.168.0.2 -> 192.168.0.1 DNS 82 Standard query response, Server failure


the cap data on ns2.example.com ( unbound 192.168.0.1 , ns2.aaaa.com 192.168.0.3 )
 9.497516 192.168.0.1 -> 192.168.0.3 DNS 82 Standard query A 95.aaaa.com
 9.497938 192.168.0.3 -> 192.168.0.1 DNS 166 Standard query response A 1.1.1.1
 9.596960 192.168.0.1 -> 192.168.0.3 DNS 82 Standard query A 96.aaaa.com
 9.597224 192.168.0.3 -> 192.168.0.1 DNS 166 Standard query response A 1.1.1.1


- BIND 9.9.1
ns1.aaaa.com : servfail
ns2.aaaa.com : works well
BIND 9.9.1 : BIND sends queries to both auth servers ( ns1 , ns2 )


the cap data on ns1.aaaa.com ( BIND 192.168.0.1 , ns1.aaaa.com 192.168.0.2 )
 0.000000 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 0.aaaa.com
 0.000386 192.168.0.2 -> 192.168.0.1 DNS 81 Standard query response, Server failure
 0.294828 192.168.0.1 -> 192.168.0.2 DNS 81 Standard query A 3.aaaa.com
 0.295109 192.168.0.2 -> 192.168.0.1 DNS 81 Standard query response, Server failure


the cap data on ns2.aaaa.com ( BIND 192.168.0.1 , ns2.aaaa.com 192.168.0.3 )
 0.000000 192.168.0.1 -> 192.168.0.3 DNS 81 Standard query A 0.aaaa.com
 0.000339 192.168.0.3 -> 192.168.0.1 DNS 165 Standard query response A 1.1.1.1
 0.093219 192.168.0.1 -> 192.168.0.3 DNS 81 Standard query A 1.aaaa.com
 0.093521 192.168.0.3 -> 192.168.0.1 DNS 165 Standard query response A 1.1.1.1
