Maintained by: NLnet Labs

[Unbound-users] problems resolving /

Sat Jun 18 16:56:46 CEST 2011


Leen Besselink wrote:

> Is it just me or is Unbound 1.4.7 not able to resolve / right now ?

Unbound with DNSSEC validation not able to resolve
BIND9 manages to do it but takes long time because of many timeouts.

It seems that all NS in returns broken response for
DNSKEY query with UDP. BIND9 retries query with TCP and gets complete
DNSKEY but Unbound does not.

Despite NS are broken, is Unbound behavior correct?

> dig DNSKEY +dnssec
;; connection timed out; no servers could be reached

> dig DNSKEY +tcp +dnssec
<very large DNSKEY RRSet and RRSIG>

 Daisuke HIGASHI <daisuke.higashi at>