Discussion:
[Unbound-users] Unbound x Bind - Round robin DNS
Leandro Anjos Moura
2012-12-14 02:13:27 UTC
Hello guys,

My server has an authoritative Bind round robin configuration for a
given record (rrset), where the ips are of different networks, eg:

mail.emp.intranet.  A  192.168.50.20
                    A  192.168.50.21
                    A  10.16.16.20
                    A  10.16.16.20

When my application queries my Bind server directly, all IPs are used
for connections, but when my application queries my Unbound server, the
IPs in the 10.XXX network are never recovered.

My configuration is:
- Centos 5.4: Application Server
- Centos 6 / Bind 9.9.1: authoritative server
- Centos 6 / Unbound: cache / recursive

Anyone had this problem?

thank you
Paul Wouters
2012-12-14 02:22:48 UTC
Post by Leandro Anjos Moura
My server has an authoritative Bind round robin configuration for a
mail.emp.intranet. A 192.168.50.20
A 192.168.50.21
A 10.16.16.20
A 10.16.16.20
When my application directly query my server Bind all ips are utilized
in connection, but when my application query my server Unbound ips
network 10.XXX are never recovered.
- Centos 5.4: Application Server
- Centos 6 / Bind 9.9.1: authoritative server
- Centos 6 / Unbound: cache / recursive
I believe bind randomizes the order, while unbound just returns the
static order. The application is apparently always picking the first
entry.

More people have been hit by this in the past. Perhaps a switch
could be added to unbound to randomize these like bind does.
(even though round robin DNS as load balancer isn't a terribly
good idea to begin with)

Paul
Aaron Hopkins
2012-12-14 05:06:55 UTC
Post by Leandro Anjos Moura
When my application directly query my server Bind all ips are utilized
in connection, but when my application query my server Unbound ips
network 10.XXX are never recovered.
See the rrset-roundrobin option as of Unbound 1.4.17:

rrset-roundrobin: <yes or no>
    If yes, Unbound rotates RRSet order in response (the random number
    is taken from the query ID, for speed and thread safety).
    Default is no.

-- Aaron
Leandro Anjos Moura
2012-12-14 14:13:40 UTC
Thank you for the answers, but the parameter rrset-roundrobin is set to yes.

The problem is Bind works and Unbound does not work.
Post by Aaron Hopkins
Post by Leandro Anjos Moura
When my application directly query my server Bind all ips are utilized
in connection, but when my application query my server Unbound ips
network 10.XXX are never recovered.
rrset-roundrobin: <yes or no>
If yes, Unbound rotates RRSet order in response (the random num-
ber is taken from the query ID, for speed and thread safety).
Default is no.
-- Aaron
W.C.A. Wijngaards
2012-12-14 14:18:23 UTC
Hi,

Do you protect your private addresses, i.e. 10/8 ? That would cause
unbound to remove the 10/8 addresses from the response, leaving the
other address. This is the private-address option in unbound.conf.

Best regards, Wouter
Post by Leandro Anjos Moura
Thank you for answers, but the parameter rrset-roundrobin is set to yes.
The problem is Bind works and Unbound does not work.
Post by Leandro Anjos Moura
When my application directly query my server Bind all ips are
utilized in connection, but when my application query my server
Unbound ips network 10.XXX are never recovered.
rrset-roundrobin: <yes or no> If yes, Unbound rotates RRSet order
in response (the random num- ber is taken from the query ID,
for speed and thread safety). Default is no.
-- Aaron
_______________________________________________ Unbound-users
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Tom Hendrikx
2012-12-14 16:59:33 UTC
Hi,

Wouldn't that also strip 192.168/16 addresses (the other half of his
configured responses)?

Tom
Post by W.C.A. Wijngaards
Hi,
Do you protect your private addresses, i.e. 10/8 ? That would cause
unbound to remove the 10/8 addresses from the response, leaving the
other address. This is the private-address option in unbound.conf.
Best regards, Wouter
Post by Leandro Anjos Moura
Thank you for answers, but the parameter rrset-roundrobin is set to yes.
The problem is Bind works and Unbound does not work.
Post by Leandro Anjos Moura
When my application directly query my server Bind all ips are
utilized in connection, but when my application query my server
Unbound ips network 10.XXX are never recovered.
rrset-roundrobin: <yes or no> If yes, Unbound rotates RRSet order
in response (the random num- ber is taken from the query ID,
for speed and thread safety). Default is no.
-- Aaron
Leandro Anjos Moura
2012-12-15 14:59:18 UTC
I agree that the private network is an important factor, but these are
example networks, and I wanted to illustrate that I'm using separate
networks set up as round robin.

When I query through dig, the responses alternate, but when I use
nc, telnet or python to test, the response does not always work as it
should.

Today I tested with Centos 6 and ran the query in Unbound and Bind;
can it be a problem with libresolv or libc?

Centos 5.4 does not work with Unbound; note that the tests were
the same on both operating systems (using telnet, nc, Python, dig and
an application developed internally).
Post by Tom Hendrikx
Hi,
Wouldn't that also strip 192.168/16 addresses (the other half of his
configured responses)?
Tom
Post by W.C.A. Wijngaards
Hi,
Do you protect your private addresses, i.e. 10/8 ? That would cause
unbound to remove the 10/8 addresses from the response, leaving the
other address. This is the private-address option in unbound.conf.
Best regards, Wouter
Post by Leandro Anjos Moura
Thank you for answers, but the parameter rrset-roundrobin is set to yes.
The problem is Bind works and Unbound does not work.
Post by Leandro Anjos Moura
When my application directly query my server Bind all ips are
utilized in connection, but when my application query my server
Unbound ips network 10.XXX are never recovered.
rrset-roundrobin: <yes or no> If yes, Unbound rotates RRSet order
in response (the random num- ber is taken from the query ID,
for speed and thread safety). Default is no.
-- Aaron
Phil Mayers
2012-12-16 13:11:37 UTC
Well, libc sorts the result by RFC 3484 rules, so you can't be sure rrset round robin survives all the way to the app.
Post by Leandro Anjos Moura
I agree that the private network is an important factor but these are
networks of example, and wanted to illustrate that I'm using separate
networks setup round robin.
When I consult dig through the respotas are alternate, but when I use
nc, telnet or python to test the response does not always work as it
should.
Today I tested with Centos 6 and ran the query in Umbound and Bind,
can be a problem with libresolv or libc?
--
Sent from my mobile device, please excuse brevity and typos.
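
An added example, not part of any post in this thread and not Unbound or glibc code: a small Python model of the three stages discussed above (the private-address filter Wouter and Tom ask about, rrset-roundrobin rotation, and the RFC 3484 sort Phil mentions), showing how rotation can be lost before the application sees it. The client source addresses, the rotate-by-query-ID-modulo model and the rule-9-only sort are simplifying assumptions.

```python
import ipaddress

# RRset from the first post, in the order given (10.16.16.20 is listed twice).
RRSET = ["192.168.50.20", "192.168.50.21", "10.16.16.20", "10.16.16.20"]

def strip_private(addrs, private_nets):
    """Model of private-address: drop answers inside any configured range."""
    nets = [ipaddress.ip_network(n) for n in private_nets]
    return [a for a in addrs
            if not any(ipaddress.ip_address(a) in n for n in nets)]

def rotate(addrs, query_id):
    """Model of rrset-roundrobin: rotate by an offset taken from the query ID."""
    k = query_id % len(addrs) if addrs else 0
    return addrs[k:] + addrs[:k]

def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def rule9_sort(addrs, source):
    """RFC 3484 rule 9 only: longest prefix match with the source sorts first.
    sorted() is stable, so equal matches keep the resolver's order."""
    return sorted(addrs, key=lambda d: -common_prefix_len(d, source))

def first_choices(source, query_ids, private_nets=()):
    """Address a connect-to-first client ends up with for each query ID."""
    answers = strip_private(RRSET, private_nets)
    return [rule9_sort(rotate(answers, q), source)[0] for q in query_ids]

if __name__ == "__main__":
    client = "192.168.50.7"  # assumed client source address
    print("rotation alone:", [rotate(RRSET, q)[0] for q in range(4)])
    print("after rule 9:  ", first_choices(client, range(4)))
    print("10/8 protected:", strip_private(RRSET, ["10.0.0.0/8"]))
```

In this model dig-style output (rotation alone) cycles through both networks, while a client that connects to the first sorted address only ever reaches the network closest to its own source address.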