From: Karl Pielorz
To: freebsd-questions@freebsd.org
Date: Tue, 06 Sep 2016 10:03:51 +0100
Subject: Query re. /etc/resolv.conf...

Hi,

We have a number of 10.3-RELEASE-p7 boxes - on which we use unbound as a local DNS / forwarder. Unbound forwards to a pool of 3 DNS servers (this is good, because if one fails - unbound handles it).

In '/etc/resolv.conf' we have:

    search [blah]
    nameserver 127.0.0.1
    nameserver 192.168.0.1

We've done this - so that if unbound crashes, the machine should still be able to resolve names - it'll just be subject to a delay as the resolver library tries 127.0.0.1 (unbound), doesn't get an answer so tries the 192.168.0.1 name server (kind of as a last resort).

This seems to work OK.

However - if we 'turn off' 192.168.0.1, all local name resolution is subject to a delay, even if unbound is alive and well - and able to forward/resolve names.

Commenting out the 192.168.0.1 nameserver line, and everything works as before, but with it listed (and down) the delay comes back.

Can someone confirm this should work that way? - I thought by default it was always "try the first, timeout, try the second..."

It doesn't appear to be working that way for us :(

-Kp