BIND9 9.21.21 DoT Forwarding Fails with Quad9 (9.9.9.9 etc) ; Cloudflare/Google/own unbound work OK
Greg Choules
gregchoules+bindusers at googlemail.com
Sun May 3 19:42:32 UTC 2026
In your first mail you said:
> ...but, when the VM is unreachable, Bind9's fallback to direct recursion
> has a very noticeable delay. in-browser response goes from un-noticeable to
> ~ 3 seconds.
So this is what I focussed on. I haven't considered Google, Cloudflare or
Quad9 at all, just your Unbound forwarder and a potential way to avoid
waiting so long if it fails to respond.
Cheers, Greg
On Sun, 3 May 2026 at 20:38, pgnd <pgnd at dev-mail.net> wrote:
> hi
>
> > Firstly, that is the way BIND works. If you are forwarding, it will try
> > all forwarders, with a variable timeout (based on response
> > time), plus retries and only when all of them fail will it fallback to
> > iteration, assuming "forward first", the default.
> ... snip ...
> The idea is to give your Unbound forwarder
> ... snip ...
>
> _this_ issue's about bind9 DoT forwarding NOT working when Quad9's servers
> are used.
>
> Unbound isn't in the picture at all in that case.
>
> and that it DOES work if -- instead -- i use any of Cloudflare, Google, or
> my own (@ unbound on VM) DoT listeners.
>
> it's possible i've missed your point :-/
>
>
>