Maintained by: NLnet Labs

[Unbound-users] SERVFAIL then proper reply

Paul Wouters
Fri Jul 3 21:14:54 CEST 2009


On Fri, 3 Jul 2009, W.C.A. Wijngaards wrote:

> I think this is a result of a bug I already fixed, which barfed the
> security status after taking a query from the cache a second time.
>
> In your logs this seems to happen for in-addr.arpa.dlv.isc.org, which
> loses the secure status for its DLV answer, which in turn makes the
> DLV lookup error, which generates the servfail.  Why the second lookup
> then succeeds I do not understand.

Oh, just realised my resolver uses dnssec-conf, and will load trust anchors for
all the RIPE zones, so they don't go via DLV.

> I hope the bug is fixed in 1.3.1 (just with release candidate), otherwise I'd 
> like to look at a higher verbosity log for it.

1.3.0-1 in fedora should also have that fix incorperated.

Paul