
What I need

A forwarding DNS server as an intermediary to another DNS server that serves expired records and renews its cache later.

Problem

I tried to use unbound as the only software that I've found to have this serve-expired feature.

However, the problem with my unbound setup is that it sends multiple queries and does weird stuff to make itself slower (~a few hundred ms) than a simple dig or nslookup (~100 ms) to the upstream server (let's suppose its address is 22.22.22.22). Is there anything that I can do to make unbound act even simpler than this?

/etc/unbound/unbound.conf:

include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

server:
  chroot: ""
  logfile: /var/log/unbound.log
  verbosity: 2
  log-queries: yes
  port: 53
  cache-min-ttl: 600
  rrset-cache-size: 400m
  msg-cache-size: 200m
  prefetch: yes
  serve-expired: yes
  serve-expired-ttl: 172800 # :)
  do-not-query-localhost: no
  tcp-upstream: no
  outgoing-num-tcp: 4000
  incoming-num-tcp: 4000
  access-control: ... # a few access-control lines
  so-reuseport: yes
  tcp-idle-timeout: 10000
  edns-tcp-keepalive: yes

remote-control:
  control-enable: yes

forward-zone:
  name: "ir"
  forward-addr: 46.224.1.42
  forward-addr: 8.8.4.4

forward-zone:
  name: "."
  forward-addr: 22.22.22.22 # Upstream server
Masood Lapeh

1 Answer


For my purpose (caching and serving expired/stale records) CoreDNS seems to work better, with following config:

. {
  bind lo
  forward . 22.22.22.22
  log
  cache {
    success 20000 3600 600
    denial 10000 1800 600
    prefetch 5000
    serve_stale 172800s immediate
  }
}

Where 22.22.22.22 is the address of the upstream server, and serve_stale 172800s immediate imitates the serve-expired feature of unbound. So when responses are expired they are considered fresh for up to 172800 seconds and are immediately sent to the client without waiting for the upstream. (https://coredns.io/plugins/cache/)

Masood Lapeh
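The two configs above (unbound's serve-expired / serve-expired-ttl, CoreDNS's serve_stale DURATION immediate) both turn on the same mechanism: an answer whose TTL has run out is still handed to the client for a bounded window after expiry while the upstream is asked for a fresh copy. The model below, added here as an illustration and not code from the original post, from unbound or from CoreDNS, walks through that lifecycle with a fake upstream so the consequences are visible: a stale answer keeps returning the OLD address after the upstream has changed it, a failed refresh leaves the stale record in place until the window (172800 s in both configs) is exhausted, and a TTL floor like cache-min-ttl: 600 keeps a 300 s record "fresh" for 600 s. The "immediate" mode answers from stale data at once and refreshes in the background; "verify" asks the upstream first and serves stale only on failure. The class names StaleCache and FakeUpstream, the name example.test. and the 192.0.2.x addresses are constructed for this example.

```python
"""Minimal model of a "serve expired / serve stale" forwarding cache.
Added example (not from the post, unbound or CoreDNS); all names are made up."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


class UpstreamError(Exception):
    """Upstream gave no usable answer (timeout / SERVFAIL)."""


@dataclass
class Record:
    rdata: str
    ttl: int           # seconds, as stored (after any min-TTL floor)
    fetched_at: float  # cache clock value when the answer arrived

    @property
    def expires_at(self) -> float:
        return self.fetched_at + self.ttl


class FakeUpstream:
    """Constructed stand-in for the upstream resolver (22.22.22.22 in the post)."""

    def __init__(self) -> None:
        self.zone: Dict[str, Tuple[str, int]] = {"example.test.": ("192.0.2.10", 300)}
        self.down = False
        self.queries = 0

    def resolve(self, qname: str) -> Tuple[str, int]:
        self.queries += 1
        if self.down or qname not in self.zone:
            raise UpstreamError(f"no answer for {qname}")
        return self.zone[qname]


class StaleCache:
    def __init__(self, upstream: FakeUpstream, stale_ttl: int,
                 refresh: str = "immediate", min_ttl: int = 0) -> None:
        assert refresh in ("immediate", "verify")
        self.upstream, self.stale_ttl = upstream, stale_ttl
        self.refresh, self.min_ttl = refresh, min_ttl
        self.now = 0.0
        self.cache: Dict[str, Record] = {}
        self.pending: Set[str] = set()  # names whose background refresh is queued

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def _fetch(self, qname: str) -> str:
        rdata, ttl = self.upstream.resolve(qname)
        # cache-min-ttl (unbound) / the cache plugin's MINTTL argument floor the TTL here
        self.cache[qname] = Record(rdata, max(ttl, self.min_ttl), self.now)
        return rdata

    def lookup(self, qname: str) -> Tuple[str, str]:
        """Answer a client: (rdata, source) with source in {'cache','stale','upstream'}.
        Raises UpstreamError when neither cache nor upstream can help (SERVFAIL)."""
        rec = self.cache.get(qname)
        if rec and self.now < rec.expires_at:
            return rec.rdata, "cache"
        if rec and self.now < rec.expires_at + self.stale_ttl:
            if self.refresh == "immediate":
                self.pending.add(qname)          # answer now, refresh later
                return rec.rdata, "stale"
            try:                                 # verify: ask upstream first
                return self._fetch(qname), "upstream"
            except UpstreamError:
                return rec.rdata, "stale"
        self.cache.pop(qname, None)              # stale window exhausted: drop it
        return self._fetch(qname), "upstream"

    def run_background(self) -> None:
        """Run queued refreshes; a failed refresh keeps the stale record."""
        for qname in list(self.pending):
            try:
                self._fetch(qname)
            except UpstreamError:
                pass
            self.pending.discard(qname)


def demo_immediate() -> Tuple[List[Tuple[str, str]], int]:
    """Lifecycle of a 300 s record under a 172800 s stale window (immediate mode)."""
    up = FakeUpstream()
    cache = StaleCache(up, stale_ttl=172800, refresh="immediate")
    log = [cache.lookup("example.test.")]           # cold: goes upstream
    cache.advance(200)
    log.append(cache.lookup("example.test."))       # fresh hit
    cache.advance(200)                              # t=400: TTL (300) has run out
    up.zone["example.test."] = ("192.0.2.20", 300)  # upstream changed the address
    log.append(cache.lookup("example.test."))       # stale: client still gets the OLD address
    cache.run_background()                          # background refresh picks up the new one
    log.append(cache.lookup("example.test."))       # fresh hit on the new address
    up.down = True
    cache.advance(400)                              # t=800: expired again, upstream dead
    log.append(cache.lookup("example.test."))       # stale, but still an answer
    cache.run_background()                          # refresh fails, record is kept
    cache.advance(172800)                           # stale window finally exhausted
    try:
        log.append(cache.lookup("example.test."))
    except UpstreamError:
        log.append(("SERVFAIL", "none"))
    return log, up.queries


if __name__ == "__main__":
    for rdata, source in demo_immediate()[0]:
        print(f"{source:9s} {rdata}")
```

Running it prints the six answers a client would see in order: upstream, cache, stale (old address), cache (new address), stale, then SERVFAIL once the 172800 s window has passed with the upstream still down. The third line is the trade-off both configs accept: for the length of the stale window, a record the upstream has already changed or withdrawn keeps being served from this resolver.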