[Bug 270824] [local_unbound] exceeded the maximum number of sends

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 13 Apr 2023 20:27:36 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270824

            Bug ID: 270824
           Summary: [local_unbound] exceeded the maximum number of sends
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: saper@saper.info

This is running 14.0-CURRENT as of ea6d1692666 but I am pretty sure I've seen
this before.

For a long time, this road warrior/laptop install has been plagued with
unstable DNS resolution. It is almost never possible to quickly change networks
(from one WLAN to another one or to USB tethering) and not lose the ability to
resolve DNS.

Even when working on one network for a longer time, I get DNS resolution errors
in Firefox regularly.  Switching to 8.8.8.8 or something given via DHCP usually
rectifies the issue. I am pretty sure my tethering DNS server is not hijacking
the requests.

I use "nameserver ::1" in my /etc/resolv.conf

Today, when things are really bad, I have enabled some more debugging:

# more /etc/unbound/conf.d/logging.conf 
server:
    log-local-actions: no
    log-queries: yes
    log-replies: yes
    log-servfail: yes
    logfile: /log/unbound.log
    val-log-level: 2 


[1681416195] local-unbound[48019:0] error: SERVFAIL <push.services.mozilla.com. A IN>: exceeded the maximum number of sends

there are also AAAA queries

[1681416195] local-unbound[48019:0] error: SERVFAIL <push.services.mozilla.com. AAAA IN>: exceeded the maximum number of sends

I've tried to follow if this is related to
https://github.com/NLnetLabs/unbound/issues/422 but I am not sure.

Additional config changes (trying to turn off DNSSEC validation) but they do
not seem to help (commenting out "auto-trust-anchor-file" and adding
'module-config: "iterator"')

$ more /etc/unbound/unbound.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        # auto-trust-anchor-file: /var/unbound/root.key
        module-config: "iterator"

# include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf

$ more /var/unbound/lan-zones.conf 
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        # Unblock reverse lookups for LAN addresses
        unblock-lan-zones: yes
        insecure-lan-zones: yes


Another log sample:

[1681415385] local-unbound[48019:0] error: SERVFAIL <bugs.freebsd.org. A IN>: exceeded the maximum number of sends
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL 4.015634 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL 4.015634 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL 9.017518 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL 9.018429 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. AAAA IN
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. AAAA IN


DNSSEC is nice to have, but I really want to have a stable local resolver. How
to achieve this?

If I suffer from some packet loss on a weak 802.11 connection - is there any
way to make unbound more patient?

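
Added example (not part of the original report, and not FreeBSD or Unbound project code): a small triage script for the kind of log shown above. It pairs log-servfail reasons with log-replies lines per query name and reports the worst resolve time, and it tolerates records wrapped onto a second line. The log-replies field order (client, name, type, class, rcode, seconds, cached flag, size) is assumed from the unbound.conf documentation; the sample lines are constructed from the ones in the report, plus an invented NOERROR line.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the report's log lines, wrapped the way a
# mail client wraps them; the example.org NOERROR record is invented.
SAMPLE = """\
[1681415385] local-unbound[48019:0] error: SERVFAIL <bugs.freebsd.org. A IN>:
exceeded the maximum number of sends
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL
4.015634 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. A IN SERVFAIL
9.017518 0 45
[1681415385] local-unbound[48019:0] info: ::1 bugs.freebsd.org. AAAA IN
[1681415390] local-unbound[48019:0] info: ::1 example.org. A IN NOERROR
0.031000 0 56
"""

PREFIX = r"\[(\d+)\] \S+\[\d+:\d+\] "
# log-servfail record: error: SERVFAIL <name type class>: reason
SERVFAIL = re.compile(PREFIX + r"error: SERVFAIL <(\S+) (\S+) IN>: (.+)$")
# log-replies record (assumed order): client name type class rcode secs cached size
REPLY = re.compile(PREFIX + r"info: \S+ (\S+) (\S+) IN ([A-Z]+) ([\d.]+) ([01]) (\d+)$")

def unwrap(text):
    """Re-join wrapped records: a new record always starts with '[epoch]'."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per (name, type): SERVFAIL reasons, reply rcode counts, worst resolve time."""
    stats = defaultdict(lambda: {"reasons": set(), "rcodes": defaultdict(int), "max_s": 0.0})
    for rec in unwrap(text):
        if m := SERVFAIL.match(rec):
            stats[(m[2], m[3])]["reasons"].add(m[4])
        elif m := REPLY.match(rec):  # plain query lines carry no rcode and are skipped
            entry = stats[(m[2], m[3])]
            entry["rcodes"][m[4]] += 1
            entry["max_s"] = max(entry["max_s"], float(m[5]))
    return stats

if __name__ == "__main__":
    for (name, qtype), s in summarize(SAMPLE).items():
        print(name, qtype, dict(s["rcodes"]), f"max={s['max_s']:.3f}s", sorted(s["reasons"]))
```

Names that show SERVFAIL replies with multi-second resolve times and the "exceeded the maximum number of sends" reason, next to names that resolve quickly in the same window, help separate an upstream reachability problem from a general resolver failure.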