'Re: Ability to detect when queries are being blocked at the network level'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       unbound-users
Subject:    Re: Ability to detect when queries are being blocked at the network level
From:       Daisuke HIGASHI via Unbound-users <unbound-users () unbound ! net>
Date:       2018-05-05 14:37:10
Message-ID: CAO-L_V_=tbZcHdXZR9NY0oZXUqbFBL9VH1sL6EKDw3rhSFjrkQ () mail ! gmail ! com
[Download RAW message or body]

Hi John,

  If all authoritative servers for particular domain discard
(silently) queries from your Unbound resolver,
you could detect it with `unbound-control dump_infra'.

 $ unbound-control dump_infra | grep nsec3.net
 133.242.130.108 nsec3.net. ttl 571 ping 0 var 94 rtt 376 rto 120000 (snip)
 2401:2500:102:1102:133:242:130:108 nsec3.net. ttl 571 ping 0 var 94
rtt 376 rto 120000 (snip)

  Note that 'rto' of all nameservers serving 'nsec3.net' are 120000
(milliseconds).
As 'Unbound Timeout Information' document describes 'rto 120000' indicates that
Unbound resolver determines the nameserver is unresponsible.
  Of course, we cannot distinguish between nameservers down (network
unreachable) and
discarded queries.

--
 Daisuke HIGASHI
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic