Maintained by: NLnet Labs

[Unbound-users] Parent Child Disagreement Redux

Dustin Marquess
Tue Jul 20 23:12:00 CEST 2010


On Tue, Jul 20, 2010 at 4:01 PM, Robert Edmonds <edmonds at debian.org> wrote:
> Dustin Marquess wrote:
>> What's missing is the A records :).
>>
>> Eg:
>>
>> $ host www.us.hsbc.com. 127.0.0.1
>> ;; connection timed out; no servers could be reached
>
> no, the nameservers respond fine to qtype=A, unless you are suggesting
> they intermittently fail?
>
>    www.us.hsbc.com.    600 IN  NS  phprdgss01.hsbc.com.
>    www.us.hsbc.com.    600 IN  NS  vhprdgss01.hsbc.com.
>    ;; Received 83 bytes from 198.6.1.182#53(auth61.ns.uu.net) in 67 ms
>
>
>    $ dig +short +norec @vhprdgss01.hsbc.com. a www.us.hsbc.com
>    161.113.4.6
>    $ dig +short +norec @phprdgss01.hsbc.com. a www.us.hsbc.com
>    161.113.4.6

Yes, the NS servers for the domain return the A records.  However a
client querying against the unbound cache never receives them:

$ dig @127.0.0.1 in a www.us.hsbc.com.

; <<>> DiG 9.6.2-P2 <<>> @127.0.0.1 in a www.us.hsbc.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26467
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.us.hsbc.com.               IN      A

;; Query time: 3566 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 20 16:09:33 2010
;; MSG SIZE  rcvd: 33

> fwiw unbound 1.4.5 resolves www.us.hsbc.com/A for me, and i've never
> noticed a problem looking up that domain.

us.hsbc.com works fine in unbound, www.us.hsbc.com does not.

Both work fine using dnscache or MaraDNS as the recursive DNS server.
Using Unbound under both FreeBSD & NetBSD, however, causes the above
behavior.

-Dustin