Maintained by: NLnet Labs

[Unbound-users] Unbound answering SERVFAIL

Cédric Girard
Mon Mar 16 18:23:39 CET 2009


2009/3/16 Ondřej Surý <ondrej at sury.org>

> Hi Cédric,
>
Hi,

>
> does 192.168.2.2 serve . zone?


No it does not. But (I'll double check) I'm not sure Unbound try to contact
the authoritative server.
Also it was working fine with BIND. Do they have a different behavior on
that point ?

Thanks,

Cédric


> Ondrej
>
> 2009/3/16 Cédric Girard <girard.cedric at gmail.com>:
> > Hello,
> >
> > I'm currently doing some testing on DNS. Thus my configuration is perhaps
> > singular.
> >
> > I've an authoritative server set-up and working. This server zone is
> called
> > "test.".
> > I've tried to set up a caching server on another server with Unbound
> 1.2.1.
> > This two servers are connected each other through a crossover cable and
> not
> > connected to the Internet.
> >
> > When I try to do a dig from a client (directly connected to the caching
> > server and not connected to the Internet) I get a SERVFAIL back. I must
> say
> > that with BIND instead of Unbound and without any other changes to the
> > configuration it was fully working.
> >
> > To have a better understanding of following files:
> > - 192.168.1.1 is the client
> > - 192.168.1.2 is the caching server on the client side
> > - 192.168.2.1 is the caching server on the authoritative server side
> > - 192.168.2.2 is the authoritative server
> >
> > Content of unbound.conf:
> >
> > server:
> >         root-hints: "/root/conf/cache/db.root"
> >         do-ip6: no
> >         username: ""
> >         verbosity: 3
> >         logfile: ""
> >         chroot: ""
> >         module-config: "iterator"
> >         access-control: 0.0.0.0/0 allow
> >         port: 53
> >         interface: 192.168.1.2
> >         interface: 192.168.3.2
> >         outgoing-interface: 192.168.2.1
> >
> >
> > Content of db.root:
> >
> > ns.test.        36000   A       192.168.2.2
> > .               36000   NS      ns.test.
> >
> >
> > Log from Unbound (the request was "dig @192.168.1.2 test1.test. A")
> >
> > station24:~# unbound -c /etc/unbound.conf -d
> > [1237215220] unbound[2605:0] debug: chdir to /usr/local/etc/unbound
> > [1237215220] unbound[2605:0] debug: switching log to stderr
> > [1237215220] unbound[2605:0] debug: module config: "iterator"
> > [1237215220] unbound[2605:0] notice: init module 0: iterator
> > [1237215220] unbound[2605:0] debug: target fetch policy for level 0 is 3
> > [1237215220] unbound[2605:0] debug: target fetch policy for level 1 is 2
> > [1237215220] unbound[2605:0] debug: target fetch policy for level 2 is 1
> > [1237215220] unbound[2605:0] debug: target fetch policy for level 3 is 0
> > [1237215220] unbound[2605:0] debug: target fetch policy for level 4 is 0
> > [1237215220] unbound[2605:0] debug: Reading root hints from
> > /root/conf/cache/db.root
> > [1237215220] unbound[2605:0] info: DelegationPoint<.>: 1 names (1
> missing),
> > 0 addrs (0 result, 0 avail)
> > [1237215220] unbound[2605:0] debug: cache memory msg=33040 rrset=33040
> > infra=1312 val=0
> > [1237215220] unbound[2605:0] info: start of service (unbound 1.2.1).
> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
> > extstate:module_state_initial event:module_event_new
> > [1237215271] unbound[2605:0] info: resolving <test1.test. A IN>
> > [1237215271] unbound[2605:0] info: priming . IN NS
> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
> > extstate:module_state_initial event:module_event_pass
> > [1237215271] unbound[2605:0] info: iterator operate: query <. NS IN>
> > [1237215271] unbound[2605:0] info: processQueryTargets: <. NS IN>
> > [1237215271] unbound[2605:0] info: new target <ns.test. A IN>
> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
> > extstate:module_state_initial event:module_event_pass
> > [1237215271] unbound[2605:0] info: iterator operate: query <ns.test. A
> IN>
> > [1237215271] unbound[2605:0] info: resolving <ns.test. A IN>
> > [1237215271] unbound[2605:0] info: priming . IN NS
> > [1237215271] unbound[2605:0] info: cycle detected <. NS IN>
> > [1237215271] unbound[2605:0] debug: return error response REFUSED
> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
> > extstate:module_wait_subquery event:module_event_pass
> > [1237215271] unbound[2605:0] info: iterator operate: query <. NS IN>
> > [1237215271] unbound[2605:0] info: processQueryTargets: <. NS IN>
> > [1237215271] unbound[2605:0] debug: out of query targets -- returning
> > SERVFAIL
> > [1237215271] unbound[2605:0] debug: return error response SERVFAIL
> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
> > extstate:module_wait_subquery event:module_event_pass
> > [1237215271] unbound[2605:0] info: iterator operate: query <test1.test. A
> > IN>
> > [1237215271] unbound[2605:0] info: processQueryTargets: <test1.test. A
> IN>
> > [1237215271] unbound[2605:0] debug: Failed to get a delegation, giving up
> > [1237215271] unbound[2605:0] debug: return error response SERVFAIL
> > [1237215271] unbound[2605:0] debug: cache memory msg=33141 rrset=33040
> > infra=1312 val=0
> >
> > _______________________________________________
> > Unbound-users mailing list
> > Unbound-users at unbound.net
> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> >
>
>
>
> --
> Ondřej Surý <ondrej at sury.org>
> http://blog.rfc1925.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090316/f5aece86/attachment.htm>