From patchwork Wed Jan 6 10:16:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag X-Patchwork-Id: 3786 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4D9lf96wgyz3wgR for ; Wed, 6 Jan 2021 10:17:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4D9lf769Fgz1fd; Wed, 6 Jan 2021 10:17:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4D9lf72RG3z2xmq; Wed, 6 Jan 2021 10:17:03 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4D9lf55h0bz2xNt for ; Wed, 6 Jan 2021 10:17:01 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4D9lf50dq6z12s; Wed, 6 Jan 2021 10:17:01 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1609928221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oMblvmJSBw99J0ha2+yJXqrZpexLNoRHlPpymiJIlsM=; b=8nQ7X9AkKvgR7VMHfRgq5nFJ7sTLpPwxdL5kQt2k4ObxJZ1Vw9n/dVBQMcwn/HO1ag2+WH WUbULq/ZJRr5xRAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1609928221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oMblvmJSBw99J0ha2+yJXqrZpexLNoRHlPpymiJIlsM=; b=sTQGHxNxDl0aRemL645Ktf/kWT9To4UZKTOcgyC3qyG/fjLIYPZSonytCccVXyheJreaYu 40oc+46Dd7dShp4dAcn/KHqxzWXuQudFdo+maUbhaAMpX6cNC1JbyhUnSG7+9VrcFRj9q/ yXUlCXTivTH2yVXD9+8oL0iKLrN6Uelpr7/UIsYPJhhvlpgoL6W9UsF4Ok5d2Jkgj38kCF 7IINunJg1lNWwyKi7S6NBTTjzIb0qBeAY2CmMXMUWLLJlR19H5Fu5Ayc01SzzZruJ1nJrW BGWuqhW7r9GDxPCemqy7SaTjebhXynQ0jhXWIbW7H566eM4LN9nMOeKRjAnyQw== From: Jonatan Schlag To: development@lists.ipfire.org Subject: [PATCH] unbound: keep probing when servers are down Date: Wed, 6 Jan 2021 10:16:49 +0000 Message-Id: <20210106101649.6495-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Till now when a server was in the "blocking regime" there was one probe made every 15 min, to see if this server is up again. In situations where all servers where down (e.g. because of a massive package loss) it could take up to 15 min to have a working dns again. This patch changes this behaviour in a way that a server marked down is probed every 2 min. Fixes: #12557 Signed-off-by: Jonatan Schlag --- config/unbound/unbound.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index 3aab6ea46..f78aaae8c 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -60,6 +60,9 @@ server: # Allow access from everywhere access-control: 0.0.0.0/0 allow + # Timeout behaviour + infra-keep-probing: yes + # Bootstrap root servers root-hints: "/etc/unbound/root.hints"