Maintained by: NLnet Labs

[Unbound-users] Problem with query

Paul Wouters
Thu Sep 15 22:36:26 CEST 2011

On Thu, 15 Sep 2011, Robert Fleischman wrote:

> Are you SURE your server returns?  I just tried it with:
> dig +time=600 +tcp @ -t ns
> And it doesn't return AT ALL.  (That is a 10 minute wait time!!)

Seems you are right. An entry in my resolv.conf sneaked through to my bind
fallback server, which does answer with the hundreds of NS records, though
without any additional A records.

I ran:  unbound-host -t NS -ddddd

but killed it after it had generated 100MB of data and was still looping.
bind does return pretty quickly, though it has no additional records at all.

dig ns also shows how bogus that response is.
Many * nameservers, but not a single glue record.

> I don't have any "harden" stuff on.    I do have:
> val-permissive-mode: yes

That disables all DNSSEC. Any good reason for that?