[dnsdist] Dnsdist Backend Timeouts & Drops

Robert Edmonds edmonds at mycre.ws
Wed May 7 19:56:09 UTC 2025


Fredrik Pettai via dnsdist wrote:
> Hi,
> 
> We have dnsdist running on the same machine as the backend DNS server it talks to (over the loopback interface).
> 
> The dnsdist workers get timeouts from time to time which is a bit odd given the backend is on the same server and uses the default check of a.root-servers.net (which should be locally cached in unbound).
> (Running a query locally for a.root-servers.net every second never fails, I’ve also tested with other names, cached or uncached, and the pattern of timeouts doesn’t change much)

Hi,

What version of Unbound are you using?

Unbound 1.20.0 introduced a "wait-limit" feature which limits the number
of outstanding queries that a client can have waiting for recursion.
Most of the time a.root-servers.net will be in cache and not subject to
the wait limit, but it will presumably need to be refreshed from time
to time, maybe more often than the TTL interval if it is evicted due to
cache pressure or if cache-max-ttl is lowered?

Unbound 1.23.0 introduced a standalone metric [0] that counts when the
wait-limit feature causes a dropped query, but that same version also
exempts loopback IP addresses from the wait-limit by default [1].

So, if you are using Unbound versions 1.20.0 through 1.22.0 you may
want to consider upgrading to 1.23.0 or setting "wait-limit: 0" in the
configuration.

[0]: https://github.com/NLnetLabs/unbound/pull/1159

[1]: https://github.com/NLnetLabs/unbound/issues/1263

-- 
Robert Edmonds
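
A check for the condition described in this message, as an added example that is not part of the original post and is not Unbound or dnsdist code: given `unbound -V` style output and the text of unbound.conf, it reports whether a loopback client such as dnsdist is still subject to a wait limit. It goes beyond the message by also honouring `wait-limit-netblock` overrides; the default of 1000 and the meaning of -1 for a netblock are assumptions taken from unbound.conf(5), and the sample strings are constructed.

```python
import ipaddress
import re

INTRODUCED = (1, 20, 0)       # wait-limit first appears (per the message)
LOOPBACK_EXEMPT = (1, 23, 0)  # loopback exempt by default (per the message)
DEFAULT_LIMIT = 1000          # assumption: default from unbound.conf(5)

def parse_version(text):
    """Pull (major, minor, patch) out of `unbound -V` style output."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if m is None:
        raise ValueError("no x.y.z version found")
    return tuple(int(g) for g in m.groups())

def effective_wait_limit(version_text, conf_text, client="127.0.0.1"):
    """Return the wait limit applied to `client`, or None if it is unlimited."""
    version = parse_version(version_text)
    if version < INTRODUCED:
        return None
    limit = DEFAULT_LIMIT
    blocks = []
    if version >= LOOPBACK_EXEMPT:
        blocks = [(ipaddress.ip_network("127.0.0.0/8"), -1),
                  (ipaddress.ip_network("::1/128"), -1)]
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].replace('"', " ").split()
        if len(fields) == 2 and fields[0] == "wait-limit:":
            limit = int(fields[1])
        elif len(fields) == 3 and fields[0] == "wait-limit-netblock:":
            net = ipaddress.ip_network(fields[1], strict=False)
            blocks.append((net, int(fields[2])))
    if limit == 0:
        return None  # "wait-limit: 0" turns the feature off
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, n) for net, n in blocks
            if net.version == addr.version and addr in net]
    if hits:
        # Most specific netblock wins; on a tie the later entry wins.
        limit = sorted(hits, key=lambda h: h[0])[-1][1]
    return limit if limit > 0 else None

# Constructed sample inputs, not taken from the thread.
SAMPLE_VERSION = "Version 1.21.1"
SAMPLE_CONF = "server:\n    interface: 127.0.0.1\n    # wait-limit: 0\n"

if __name__ == "__main__":
    print(effective_wait_limit(SAMPLE_VERSION, SAMPLE_CONF))
```

A non-None result for 127.0.0.1 means queries from a dnsdist on the same host can be dropped while waiting for recursion.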

