Maintained by: NLnet Labs

[Unbound-users] wanted: troubleshooting cluestick

W.C.A. Wijngaards
Wed Sep 17 08:52:48 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe Abley wrote:
>> [monster:~]% dig @127.0.0.1 nanog.org mx
>>
>> ; <<>> DiG 9.4.2 <<>> @127.0.0.1 nanog.org mx
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; connection timed out; no servers could be reached
>> [monster:~]%
>>
>> fails, consistently.

Can you increase the verbosity level to, say, 4 after the first failure?

one way to do this, is to upgrade to svn trunk; setup the remote control
feature (you need to set the control-interface to not only localhost, to
generate keys with unbound-control-setup, and put those keys and the
remote-control: part of the config on your MTA host to give the MTA host
unbound-control privileges) and use
	$ unbound-control verbosity 4
	$ dig ... nanog.org MX
	$ unbound-control verbosity 1
do this query, then lower verbosity to your preferred value again. This
should trigger a lot of debug info into the logfile, just for this query.

You could also increase verbosity in the logfile to 4, but prepare for
several Gb of logs, and possibly slowdown due to logging.

Another way is to try  unbound-host -d -d -d -d -v nanog.org -t MX
>blablabla 2>&1
The unbound-host command starts with a clean cache and so on, so may not
see the same thing.

You could try to contact the local resolver with a query for localhost.
to see if unbound itself is still responsive.
	dig ... localhost. IN A
which should work fine, without a timeout. (this checks if unbound is
DoSed or something).

If you are not sure if things are logged, the unbound server always logs
the message: start of service (unbound 1.1.0). at startup. (your version
number may differ :-) )

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjQqUAACgkQkDLqNwOhpPgexwCgpiSzHIzhqlKz+6eZFIGOcaVl
Bt4AoIX3J2VbjCiuFCImWPqydvI1w5C0
=cTj2
-----END PGP SIGNATURE-----