Maintained by: NLnet Labs

[Unbound-users] Problems with

Attila Nagy
Mon Sep 19 13:03:17 CEST 2011


There is a problem with resolving names from with unbound.
Currently, the root NSs give back three nameservers, from which only one 
works (at least from our network).
And that one has a bad NS RR:
$ dig ns

; <<>> DiG 9.6.-ESV-R4-P1 <<>> ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25982
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;                    IN      NS

;; ANSWER SECTION:             60      IN      NS      sql2005.

It seems that unbound stores that nameserver and wants to query it, so 
either a time out or a SERVFAIL happens to the client.

I thought that a recursive DNS server shouldn't cache NS records from 
the zone's authoritative name server, it should only trust in the upper 
ISC BIND doesn't have this behaviour -it seems-, so it can resolve names 
from this domain.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>