
I have been using unbound as a caching DNS server forwarding to dnscrypt-proxy and it was working relatively well for a while (years, although about a year or so with dnscrypt-proxy), requiring no restarts for upwards of 30 days (roughly the time between system restarts); however, lately, I noticed that it frequently stops resolving. I completely disabled a process supervisor to help with debugging why this needs to be restarted, with no solution yet ...

Oddly enough, if I query the upstream server directly, I get the result I expect. Additionally, if I use unbound-control to do a lookup (or possibly I waited long enough when doing so), I do get a response.

I monitored traffic when this was happening and noticed that unbound is not querying the upstream server (dnscrypt-proxy) when this happens. I do not see any "errors" in the logs, so nothing obvious stands out. Unbound-control indicates the service is still running.

Other bits of information - my ad blocking list is about 15M. I was thinking that could very well be a problem; however, I don't see any documentation on how big local-zone data could be.

I had configured unbound to use up to 256m (rrset), 128m (msg) but bumped it to 512 and 256 respectively. That did not prevent the problem from occurring.

When this fails, I get a "server can't find" message:

    nslookup www.youtube.com
    Server:   127.0.0.1
    Address:  127.0.0.1#53

    ** server can't find www.youtube.com: SERVFAIL

Walter
  • I turned the logs up to level 3 and see that unbound is having connectivity issues to the upstream dnscrypt-proxy server. I configured it to use TCP and have now switched it to UDP. Why those messages are logged @debug makes no sense to me especially if it results in service interruption. – Walter Apr 27 '19 at 17:20
  • I can only speculate as this was 5 months ago (see my comment) and I didn't comment the exact log pattern at that time. That being said, it was something along the lines of lost connection with upstream DNS server 127.0.0.1:5300 TCP ... It was clear enough that once I saw that, I knew there was a problem with TCP connectivity between unbound and DNSCrypt Proxy. Furthermore, I saw that is what I had configured between unbound and DNSCrypt Proxy. TCP should work, but switching to UDP solved the problem. – Walter Sep 27 '19 at 23:47
  • Have you checked your swap partition size when you face this issue? When all your RAM is full and it swaps this storage to swap, this type of issue happens. Check, and if this is correct, then increase your RAM size, and don't let your service go over to the swap partition. – Zareh Kasparian Oct 19 '19 at 10:49

1 Answer

I haven't had this issue since switching the connection to the upstream server to UDP.

I filed a bug report here: https://github.com/NLnetLabs/unbound/issues/89

Walter
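Added example (not part of the original thread and not code from the unbound project): a probe that queries the resolver and the upstream forwarder directly, over both UDP and TCP, and reports which hop is failing when the resolver returns SERVFAIL. The addresses 127.0.0.1 port 53 and 127.0.0.1 port 5300 are assumptions taken from the thread, and all function names are hypothetical.

```python
import socket
import struct

QID = 0x1234  # fixed query ID; acceptable for a loopback health probe

def build_query(name, qtype=1):
    """Encode a recursive DNS query (RFC 1035 wire format), default type A."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_rcode(data):
    """Return the RCODE of a reply to our query (0 NOERROR, 2 SERVFAIL)."""
    if len(data) < 12 or data[:2] != struct.pack("!H", QID) or not data[2] & 0x80:
        raise ValueError("not a DNS response to our query")
    return data[3] & 0x0F

def ask(server, port, name, tcp=False, timeout=3.0):
    """Probe one server; return its RCODE, or None on timeout/refusal/garbage."""
    query = build_query(name)
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                f = s.makefile("rb")
                (n,) = struct.unpack("!H", f.read(2))
                data = f.read(n)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                data, _ = s.recvfrom(4096)
        return parse_rcode(data)
    except (OSError, ValueError, struct.error):
        return None

def diagnose(resolver, upstream_udp, upstream_tcp):
    """Map three probe results onto the failure modes described in the thread."""
    if resolver == 0:
        return "ok"
    if upstream_udp == 0 and upstream_tcp != 0:
        return "upstream answers on UDP but not TCP: check forwarder transport"
    if upstream_udp == 0:
        return "upstream healthy on both transports: fault is in the resolver"
    return "upstream not answering: fault is at or behind the forwarder"

if __name__ == "__main__":  # addresses/ports are assumptions from the thread
    print(diagnose(ask("127.0.0.1", 53, "www.youtube.com"),
                   ask("127.0.0.1", 5300, "www.youtube.com"),
                   ask("127.0.0.1", 5300, "www.youtube.com", tcp=True)))
```

Run from cron or a monitoring agent, the returned string separates a resolver-side stall from a forwarder transport problem without raising the resolver's log verbosity.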