-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe Abley wrote: >> [monster:~]% dig @127.0.0.1 nanog.org mx >> >> ; <<>> DiG 9.4.2 <<>> @127.0.0.1 nanog.org mx >> ; (1 server found) >> ;; global options: printcmd >> ;; connection timed out; no servers could be reached >> [monster:~]% >> >> fails, consistently. Can you increase the verbosity level to, say, 4 after the first failure? one way to do this, is to upgrade to svn trunk; setup the remote control feature (you need to set the control-interface to not only localhost, to generate keys with unbound-control-setup, and put those keys and the remote-control: part of the config on your MTA host to give the MTA host unbound-control privileges) and use $ unbound-control verbosity 4 $ dig ... nanog.org MX $ unbound-control verbosity 1 do this query, then lower verbosity to your preferred value again. This should trigger a lot of debug info into the logfile, just for this query. You could also increase verbosity in the logfile to 4, but prepare for several Gb of logs, and possibly slowdown due to logging. Another way is to try unbound-host -d -d -d -d -v nanog.org -t MX >blablabla 2>&1 The unbound-host command starts with a clean cache and so on, so may not see the same thing. You could try to contact the local resolver with a query for localhost. to see if unbound itself is still responsive. dig ... localhost. IN A which should work fine, without a timeout. (this checks if unbound is DoSed or something). If you are not sure if things are logged, the unbound server always logs the message: start of service (unbound 1.1.0). at startup. (your version number may differ :-) ) Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjQqUAACgkQkDLqNwOhpPgexwCgpiSzHIzhqlKz+6eZFIGOcaVl Bt4AoIX3J2VbjCiuFCImWPqydvI1w5C0 =cTj2 -----END PGP SIGNATURE-----