Maintained by: NLnet Labs

[Unbound-users] SERVFAIL and CNAME

Robert Fleischman
Fri Aug 19 16:53:38 CEST 2011


I have been having trouble resolving "www.balfour.com"

It appears that ns1.worldnic.com and ns2.worldnic.com (the NS for
www.balfour.com") is returning a CNAME response (pointing off to an
amazon'd name) with the SERVFAIL bit set in the header. It also
(according to dig) sometimes spits back a truncated response requiring
a TCP retry.

This combination of things makes unbound a bit upset.  I've seen
discussions of this here:

http://mailman.powerdns.com/pipermail/pdns-dev/2010-October/000886.html

(My guess is that worldnic.com is running PowerDNS)

In practice, sometimes unbound returns the A record, sometimes not!
It appears other recursive servers are much more permissive here.

---

Is there a way to make Unbound "happier" about this name and semi-broken setup?

-Rob