Maintained by: NLnet Labs

[Unbound-users] Odd failures in 1.3.4

Paul Wouters
Tue Jan 12 23:33:18 CET 2010


Hi,

I'm getting random failures or various domains with unbound 1.3.4. (I know
about 1.4.1)

Just now, reviews.ebay.ca failed to resolve. A dig without +dnssec gave me
ServFail. A dig with +cd gave me a response:

[paul at bofh ~]$ dig +dnssec +cd reviews.ebay.ca @193.110.157.136

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-13.P2.fc12 <<>> +dnssec +cd reviews.ebay.ca @193.110.157.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25715
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;reviews.ebay.ca.		IN	A

;; ANSWER SECTION:
reviews.ebay.ca.	248	IN	CNAME	reviews.intl.ebay.com.
reviews.intl.ebay.com.	3548	IN	CNAME	search-desc.intl.ebay.com.
search-desc.intl.ebay.com. 248	IN	A	66.211.160.141
search-desc.intl.ebay.com. 248	IN	A	66.135.202.75

;; Query time: 104 msec
;; SERVER: 193.110.157.136#53(193.110.157.136)
;; WHEN: Tue Jan 12 17:26:16 2010
;; MSG SIZE  rcvd: 137


My first question is, does unbound disable more then just dnssec when
using the CD flag? (and if so, is that expected? I always assumed CD
was only for DNSSEC validation bypassing)

My second question is if this is one of the bugs fixed in 1.4.1 + r1953.

Paul