Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-114715

unbound-anchor.timer storms the DNS root servers at 00:00

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-9.4.z
    • unbound
    • None
    • No
    • None
    • rhel-net-perf
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      trying to reduce the burst of connections on my firewall

      What is the impact of this issue to you?

      storm of connections, no known business impact

      Please provide the package NVR for which the bug is seen:

      unbound-libs-1.16.2-8.el9_4.1.x86_64

      How reproducible is this bug?:

      everyday at 00:00:00 UTC

      Steps to reproduce

      1. run an OpenShift cluster or a RHEL VM
      2. observe the traffic at 00:00
      3.  

      Expected results

      flat traffic

      Actual results

      huge burst of traffic as every single RHEL VM is trying to connect to root servers as per config https://gitlab.com/redhat/centos-stream/rpms/unbound/-/blob/c10s/unbound-anchor.timer?ref_type=heads

      logs on every single VM:

      Sep 15 00:00:00 systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...

              pemensik@redhat.com Petr Mensik
              frigault Francois Rigault
              Petr Mensik Petr Mensik
              Petr Sklenar Petr Sklenar
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: