Maintained by: NLnet Labs

[Unbound-users] Strange behavior with AAAA record

Teran McKinney
Sat Aug 2 02:24:54 CEST 2008


Hi,

I have been using Unbound 1.01 for about a week and have tested it on
multiple boxes. It has a very rich feature set, ran perfectly on a 486
with 16MB of RAM (needed to set it to use less caching memory though),
and the configuration file is awesome.

However, I think I may have uncovered a bug in Unbound and/or iputils.
When trying to ping6 my most recently created subdomain from Zoneedit
(icadyptes.eleuther.net; currently waiting for the domain to transfer
to Joker so I can point it to my VPS with NSD and have full IPv6
glue), my boxes resolving to an Unbound daemon spike in CPU usage and
get about 3 pings through in 20 seconds. The latency is fine and there
is no packet loss, however. Drill shows the correct AAAA record which
I can ping6 directly without problems. If I use OpenDNS or the hosts
file manually I do not have this issue with ping6. Other domains on
Zoneedit with AAAA records work perfectly (icadyptes.go-beyond.org,
{,www.}go-beyond.org, foureightysix.go-beyond.org,
{,www.}eleuther.net) with ping6 and Unbound.

Setting Zoneedit's nameserver in resolv.conf or the IP that NSD
resides on causes no such oddities while ping6'ing. This strange
behavior only occurs when using Unbound. I would also think that
iputil's ping6 should not spike the CPU usage so much whatever DNS
information it is getting.

Here is output of Drill comparing Unbound and OpenDNS' reponse:

[root at virtualgnu etc]# drill icadyptes.eleuther.net aaaa @::1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 51355
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;; icadyptes.eleuther.net.	IN	AAAA

;; ANSWER SECTION:
icadyptes.eleuther.net.	4328	IN	AAAA	2001:470:3:e::1123:5813

;; AUTHORITY SECTION:
eleuther.net.	7016	IN	NS	ns14.zoneedit.com.
eleuther.net.	7016	IN	NS	ns2.zoneedit.com.

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: ::1
;; WHEN: Fri Aug  1 21:38:00 2008
;; MSG SIZE  rcvd: 117

[root at virtualgnu etc]# drill icadyptes.eleuther.net aaaa @208.67.222.222
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6759
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; icadyptes.eleuther.net.	IN	AAAA

;; ANSWER SECTION:
icadyptes.eleuther.net.	7200	IN	AAAA	2001:470:3:e::1123:5813

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 197 msec
;; SERVER: 208.67.222.222
;; WHEN: Sat Aug  2 00:03:45 2008
;; MSG SIZE  rcvd: 68

Perhaps this could be related to the usage of the short hand '::' in
the AAAA record, with Unbound not properly reformatting the response
from Zoneedit? Or maybe it is just a bug in iputils? Other utilities
(telnet, Arch Linux package manager) seem to work fine with Unbound's
response though.

Any ideas, suggestions, or anything else I could try?

Thanks,
Teran (sega01)