Maintained by: NLnet Labs

Unbound not always resolving immediately after start.

Mon Sep 14 14:16:50 CEST 2015

> bind-users have discussed same issue last year:

discussion starts from this mail

2015-09-14 21:15 GMT+09:00 Daisuke HIGASHI <daisuke.higashi at>:
> Hi,
> SERVFAIL on seems to be from fix on CVE-2014-8500.
> This fix essentially limits number of query (to authoritative servers)
> to resolve target qname. If a qname requires many query to resolve
> it becomes SERVFAIL This situation often occurs when cache is empty
> (e.g. just after starting unbound or cache flush)
> bind-users have discussed same issue last year:
> Possible workarounds are to increase MAX_TARGET_COUNT
> (iterator/iterator.h) to relax number of query limitation but it may
> reduce robustness against CVE-2014-8500-related attack.
> Regards,
> --
> Daisuke HIIGASHI
> 2015-09-11 18:39 GMT+09:00 Frank de Bot via Unbound-users
> <unbound-users at>:
>> Hi,
>> Under FreeBSD I'm setting up a resolv-only unbound server. While testing
>> I've noticed some domain do not resolve (server returns SERVFAIL)