DoT forwarder: controlling timeout before fallback to recursion ?
pgnd
pgnd at dev-mail.net
Sun May 3 13:48:55 UTC 2026
i'm running a
BIND version: 9.21.21
instance on my LAN
it's config'd with `forward first` to forward recursive queries via DoT to an Unbound resolver on a VM.
the DoT fwding setup performs well through caching when the VM's unbound instance is up.
but, when the VM is unreachable, Bind9's fallback to direct recursion has a very noticeable delay. in-browser response goes from un-noticeable to ~ 3 seconds.
when the VM is down, Bind9 appears to wait for the forwarder to timeout before falling
back to direct recursion. this ~ 3sec delay's quite noticeable to clients.
direct recursion without any forwarders is significantly faster -- response times are unnoticeable.
Is there a configuration option to control the forwarder timeout before
fallback to recursion?
i've searched the docs/archives. i found Mark Andrews' 2004 response
https://lists.isc.org/pipermail/bind-users/2004-November/053821.html
recommending upgrade to ?= v9.3.0, and using adaptive forwarder selection.
but, iiuc, adaptive selection only helps when forwarders respond slowly -- not when
completely unreachable.
in current docs, i'm not finding 'adaptive forward' ... closest is
https://bind9.readthedocs.io/en/stable/chapter3.html#selective-forwarding-resolver-configuration
is there a config option for fallback timeout in Bind 9.21?
or, is there a better approach for this use case that avoids the fallback latency penalty while still benefiting from unbound at VM's caching?