
Unbound Not Forwarding to Specified DNS Server When serve-expired-ttl:0 and redis is Set

Open kkkgo opened this issue 1 year ago • 0 comments

Describe the bug

When using Unbound as a recursive DNS server with the configuration option serve-expired-ttl: 0 and Redis as a caching backend, you may encounter an issue where Unbound fails to forward DNS queries to a specified DNS server for a particular domain. This issue persists even when you've configured forward-no-cache: yes and forward-first: yes in your unbound.conf file.

To reproduce

Steps to reproduce the behavior:

    1. Set up Unbound as a recursive DNS server and configure Redis as the caching backend. Set serve-expired: yes, serve-expired-ttl: 0, serve-expired-ttl-reset: no, serve-expired-reply-ttl: 0.
    2. Ensure there is a cached record for the domain 'example.com' in Redis.
    3. Modify the Unbound configuration (unbound.conf) to specify that DNS queries for 'example.com' should be forwarded to a specific DNS server.
    4. Query 'example.com' from dig.

Expected behavior

With forward-no-cache and forward-first options set to 'yes', Unbound should forward the query for 'example.com' to the specified DNS server.

Actual behavior

Unbound consistently retrieves the expired or cached record for 'example.com' from Redis, with a TTL of 0, instead of forwarding the query to the specified DNS server.

System:

  • Unbound version: 1.18.1
  • OS: Alpine Linux
  • unbound -V output:
Version 1.18.1

Configure line: --with-libevent --with-pthreads --with-libhiredis --enable-cachedb --disable-rpath --without-pythonmodule --disable-documentation --disable-flto --disable-maintainer-mode --disable-option-checking --disable-rpath --with-pidfile=/tmp/unbound.pid --prefix=/usr --sysconfdir=/etc --localstatedir=/tmp --with-username=root
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.1.3 19 Sep 2023
Linked modules: dns64 cachedb respip validator iterator

BSD licensed, see LICENSE in source package for details.
Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues

Additional information Add any other information that you may have gathered about the issue here.

kkkgo, Oct 17 '23 09:10
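
The configuration described in the reproduction steps, written out as an added example that is not the reporter's own unbound.conf. The Redis address, the forwarder address 192.0.2.53, the module-config order and the dig target are assumptions; the option names and values come from the report.

```conf
# Constructed reproduction config (assumed addresses; not the reporter's file).
server:
    # cachedb is consulted before the iterator, so a Redis hit can answer
    # the query before any forwarder is contacted.
    module-config: "validator cachedb iterator"
    serve-expired: yes
    serve-expired-ttl: 0          # 0 = no limit on how long expired records are served
    serve-expired-ttl-reset: no
    serve-expired-reply-ttl: 0    # expired answers are returned with TTL 0

cachedb:
    backend: "redis"
    redis-server-host: 127.0.0.1  # assumption: Redis on the same host
    redis-server-port: 6379

# Added in step 3, after example.com is already stored in Redis (step 2).
forward-zone:
    name: "example.com."
    forward-addr: 192.0.2.53      # placeholder forwarder (TEST-NET-1), not from the issue
    forward-first: yes
    forward-no-cache: yes

# Step 4, run from a client (resolver address is an assumption):
#   dig @127.0.0.1 example.com A
# Per the report, the answer comes back with TTL 0 from the Redis record
# instead of being fetched from the forwarder.
```

When checking a resolver for this behavior, compare the answer Unbound returns with the answer obtained by querying the forwarder directly; a mismatch together with TTL 0 indicates the stale Redis record is still being served.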