Maintained by: NLnet Labs

[Unbound-users] dig +trace does not work with unbound

Dustin Marquess
Fri Nov 5 16:11:55 CET 2010


dig +trace works fine if you change your unbound.conf from:

access-control: 127.0.0.0/8 allow

to

access-control: 127.0.0.0/8 allow_snoop

Adjust IP as needed :).

-Dustin

On Fri, Nov 5, 2010 at 8:17 AM, Zbynek Michl <zbynek.michl at nic.cz> wrote:
> Hi,
>
> when I enable tracing in dig, I will get empty answer:
>
> $ dig +trace www.example.com
> ; <<>> DiG 9.7.1-P2 <<>> +trace www.example.com
> ;; global options: +cmd
> ;; Received 12 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> It is because +trace disables RD flag, so first query and reply is:
>
> $ dig +norecurse . NS
> ; <<>> DiG 9.7.1-P2 <<>> +norecurse . NS
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23919
> ;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Nov  5 14:01:12 2010
> ;; MSG SIZE  rcvd: 12
>
>
> When I use BIND instead of unbound, it replies ok. It is because BIND
> answers its internal root-hints NS list when RD is not set. Should not
> unbound behaves the same way?
>
> Thanks,
> Zbynek
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>