Maintained by: NLnet Labs

[Unbound-users] Unbound 1.4.8 returns sporadic SERVFAIL -- solved

Jan-Piet Mens
Fri Feb 25 22:47:11 CET 2011


Wouter,

> The NS record is bogus.  When it finds out the NS record is
> bogus, unbound refuses to talk to those nameservers.

Paul Wouters was right: the zone content was bad, and Andreas spotted
the cause: multiple RRSIGs on the NS RRset. My pdns signer erroneously
created them, but that has just been fixed in r2053.

I thought it was Unbound only, because neither BIND nor [1], [2], or [3]
hinted that something was wrong. That worries me.

Thank you  all,

        -JP

[1] http://dnssec-debugger.verisignlabs.com/
[2] http://dnsviz.net/
[3] http://dnscheck.iis.se/