Maintained by: NLnet Labs

[Unbound-users] SERVFAIL from Unbound whentrying to resolve a hostname

W.C.A. Wijngaards
Thu Dec 18 10:35:36 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Marc,

It works for me, all the time.

$ unbound-host -v www.icscards.nl
www.icscards.nl has address 164.140.155.125 (insecure)
www.icscards.nl has no IPv6 address (insecure)
Host www.icscards.nl not found: 2(SERVFAIL). (insecure)

The last line is because www.icscards.nl drops MX answers. That does not
explain what happens to you.

Can you run your unbound-host with -dddd to get debug info, capture the
output and send it to me (off-list because it gets big) ?

It seems you get different packets.

Best regards,
   Wouter

Marc Groeneweg wrote:
> Wouter,
> 
>> I have tried here.  Sometimes it works.   Sometimes bind starts giving
>> me SERVFAIL too.
> SNAP
> 
>> c) if I try:
>> ./unbound-host -v www.icscards.nl -t A -dddd
>>
>> I see the result is:
>> www.icscards.nl has address 164.140.155.125 (insecure)
>>
>> It classifies both servers as recursion lame (it detects that
>> misconfiguration) and then does a lookup.
>>
>> This detection is a feature that arrived in version 1.1.0. Are you
>> using
>> an older version of Unbound?  If so, an upgrade probably solves the
>> problem for you.
> I'm using Unbound 1.1.1 compiled on a OpenBSD box without ldns:
> 
> ./configure --with-conf-file=/sidn/unbound/etc/unbound.conf \
>             --with-run-dir=/sidn/unbound \
>             --with-pidfile=/var/run/unbound.pid \
>             --with-ssl=/usr/local
> 
> Regards,
> Marc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklKGWcACgkQkDLqNwOhpPgD1wCgtqr70zXUP/gOin6u7mqMCx8d
dQ4An3FPvqrLxP4AdzH6wxNC6fIAKbdb
=xsGU
-----END PGP SIGNATURE-----