Maintained by: NLnet Labs

[Unbound-users] SERVFAIL and CNAME

Robert Fleischman
Fri Aug 19 16:53:38 CEST 2011

I have been having trouble resolving ""

It appears that and (the NS for") is returning a CNAME response (pointing off to an
amazon'd name) with the SERVFAIL bit set in the header. It also
(according to dig) sometimes spits back a truncated response requiring
a TCP retry.

This combination of things makes unbound a bit upset.  I've seen
discussions of this here:

(My guess is that is running PowerDNS)

In practice, sometimes unbound returns the A record, sometimes not!
It appears other recursive servers are much more permissive here.


Is there a way to make Unbound "happier" about this name and semi-broken setup?