Maintained by: NLnet Labs

[Unbound-users] Unbound answering SERVFAIL

Ondřej Surý
Mon Mar 16 18:28:30 CET 2009


2009/3/16 Cédric Girard <girard.cedric at gmail.com>:
>
> 2009/3/16 Ondřej Surý <ondrej at sury.org>
>>
>> Hi Cédric,
>
> Hi,
>>
>> does 192.168.2.2 serve . zone?
>
>
> No it does not. But (I'll double check) I'm not sure Unbound try to contact
> the authoritative server.

According to the logfile Unbound is trying to prime root servers. And you
specified servers for . in your db.root file and not servers for test, so you
need to have full delegation path from '.' to your test zone.

> Also it was working fine with BIND. Do they have a different behavior on
> that point ?

It's very much possible.

Ondrej

> Thanks,
>
> Cédric
>
>>
>> Ondrej
>>
>> 2009/3/16 Cédric Girard <girard.cedric at gmail.com>:
>> > Hello,
>> >
>> > I'm currently doing some testing on DNS. Thus my configuration is
>> > perhaps
>> > singular.
>> >
>> > I've an authoritative server set-up and working. This server zone is
>> > called
>> > "test.".
>> > I've tried to set up a caching server on another server with Unbound
>> > 1.2.1.
>> > This two servers are connected each other through a crossover cable and
>> > not
>> > connected to the Internet.
>> >
>> > When I try to do a dig from a client (directly connected to the caching
>> > server and not connected to the Internet) I get a SERVFAIL back. I must
>> > say
>> > that with BIND instead of Unbound and without any other changes to the
>> > configuration it was fully working.
>> >
>> > To have a better understanding of following files:
>> > - 192.168.1.1 is the client
>> > - 192.168.1.2 is the caching server on the client side
>> > - 192.168.2.1 is the caching server on the authoritative server side
>> > - 192.168.2.2 is the authoritative server
>> >
>> > Content of unbound.conf:
>> >
>> > server:
>> >         root-hints: "/root/conf/cache/db.root"
>> >         do-ip6: no
>> >         username: ""
>> >         verbosity: 3
>> >         logfile: ""
>> >         chroot: ""
>> >         module-config: "iterator"
>> >         access-control: 0.0.0.0/0 allow
>> >         port: 53
>> >         interface: 192.168.1.2
>> >         interface: 192.168.3.2
>> >         outgoing-interface: 192.168.2.1
>> >
>> >
>> > Content of db.root:
>> >
>> > ns.test.        36000   A       192.168.2.2
>> > .               36000   NS      ns.test.
>> >
>> >
>> > Log from Unbound (the request was "dig @192.168.1.2 test1.test. A")
>> >
>> > station24:~# unbound -c /etc/unbound.conf -d
>> > [1237215220] unbound[2605:0] debug: chdir to /usr/local/etc/unbound
>> > [1237215220] unbound[2605:0] debug: switching log to stderr
>> > [1237215220] unbound[2605:0] debug: module config: "iterator"
>> > [1237215220] unbound[2605:0] notice: init module 0: iterator
>> > [1237215220] unbound[2605:0] debug: target fetch policy for level 0 is 3
>> > [1237215220] unbound[2605:0] debug: target fetch policy for level 1 is 2
>> > [1237215220] unbound[2605:0] debug: target fetch policy for level 2 is 1
>> > [1237215220] unbound[2605:0] debug: target fetch policy for level 3 is 0
>> > [1237215220] unbound[2605:0] debug: target fetch policy for level 4 is 0
>> > [1237215220] unbound[2605:0] debug: Reading root hints from
>> > /root/conf/cache/db.root
>> > [1237215220] unbound[2605:0] info: DelegationPoint<.>: 1 names (1
>> > missing),
>> > 0 addrs (0 result, 0 avail)
>> > [1237215220] unbound[2605:0] debug: cache memory msg=33040 rrset=33040
>> > infra=1312 val=0
>> > [1237215220] unbound[2605:0] info: start of service (unbound 1.2.1).
>> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
>> > extstate:module_state_initial event:module_event_new
>> > [1237215271] unbound[2605:0] info: resolving <test1.test. A IN>
>> > [1237215271] unbound[2605:0] info: priming . IN NS
>> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
>> > extstate:module_state_initial event:module_event_pass
>> > [1237215271] unbound[2605:0] info: iterator operate: query <. NS IN>
>> > [1237215271] unbound[2605:0] info: processQueryTargets: <. NS IN>
>> > [1237215271] unbound[2605:0] info: new target <ns.test. A IN>
>> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
>> > extstate:module_state_initial event:module_event_pass
>> > [1237215271] unbound[2605:0] info: iterator operate: query <ns.test. A
>> > IN>
>> > [1237215271] unbound[2605:0] info: resolving <ns.test. A IN>
>> > [1237215271] unbound[2605:0] info: priming . IN NS
>> > [1237215271] unbound[2605:0] info: cycle detected <. NS IN>
>> > [1237215271] unbound[2605:0] debug: return error response REFUSED
>> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
>> > extstate:module_wait_subquery event:module_event_pass
>> > [1237215271] unbound[2605:0] info: iterator operate: query <. NS IN>
>> > [1237215271] unbound[2605:0] info: processQueryTargets: <. NS IN>
>> > [1237215271] unbound[2605:0] debug: out of query targets -- returning
>> > SERVFAIL
>> > [1237215271] unbound[2605:0] debug: return error response SERVFAIL
>> > [1237215271] unbound[2605:0] debug: iterator[module 0] operate:
>> > extstate:module_wait_subquery event:module_event_pass
>> > [1237215271] unbound[2605:0] info: iterator operate: query <test1.test.
>> > A
>> > IN>
>> > [1237215271] unbound[2605:0] info: processQueryTargets: <test1.test. A
>> > IN>
>> > [1237215271] unbound[2605:0] debug: Failed to get a delegation, giving
>> > up
>> > [1237215271] unbound[2605:0] debug: return error response SERVFAIL
>> > [1237215271] unbound[2605:0] debug: cache memory msg=33141 rrset=33040
>> > infra=1312 val=0
>> >
>> > _______________________________________________
>> > Unbound-users mailing list
>> > Unbound-users at unbound.net
>> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>> >
>>
>>
>>
>> --
>> Ondřej Surý <ondrej at sury.org>
>> http://blog.rfc1925.org/
>
>
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/