Maintained by: NLnet Labs

[Unbound-users] unbound trying only one of three nameservers

Darek M
Wed Mar 16 22:03:30 CET 2011


And conveniently, that is the one server that seems to be unresponsive.

Trying to look up domain infoblox.com, with nameservers ns1, ns2 and
ns3.infoblox.com.  It seems to work from outside sources like
zoneedit.com, 4.2.2.1, and dnswatch.info (they all probably skip the
dead NS).

ns3 is unresponsive, and also has a AAAA record.  Unbound doesn't seem
to jump to any of the other ones, just keeps asking ns3 until it times
out.  I'm very new to unbound, so please let me know what I should do
to debug this.  This system (FreeBSD 7.0) doesn't have any IPv6 set
up.

Below is a "verbosity: 4" log.

$ dig @UNBOUND.SERVER infoblox.com a

; <<>> DiG 9.6.1-P1 <<>> @UNBOUND.SERVER infoblox.com a
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached


Snippet from the log file.  Only able to grep for the domain as it's a
busy server:

[1300303603] unbound[95511:0] info: iterator operate: query
<ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: processQueryTargets:
<ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: DelegationPoint<infoblox.com.>: 3
names (0 missing), 5 addrs (3 result, 0 avail) parentNS
[1300303603] unbound[95511:0] info:   ns3.infoblox.com. * A AAAA PSIDE_A
[1300303603] unbound[95511:0] info:   ns2.infoblox.com. * A PSIDE_A
[1300303603] unbound[95511:0] info:   ns1.infoblox.com. * A
[1300303603] unbound[95511:0] info: sending query: <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] debug: sending to target:
<infoblox.com.> 205.234.19.10#53
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 5RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 3RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 5RDdc mod1 rep <infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 4RDCD mod1  <ns3.infoblox.com. A IN>
[1300303603] unbound[95511:0] info: 6RDdc mod1 rep <infoblox.com. A IN>
... few more hundred of these...



# egrep -v '^(#|.+#|$)' /usr/local/etc/unbound/unbound.conf
server:
        pidfile: /usr/local/etc/unbound/unbound.pid
        verbosity: 4
        interface: X.X.X.X
        do-ip6: no
        access-control: X.X.X.X/20 allow
        access-control: 10.0.0.0/8       allow
        access-control: 192.168.0.0/16   allow
        access-control: 172.16.0.0/12   allow
        logfile: "/var/log/unbound.log"
        hide-version: yes

        local-zone: "168.192.in-addr.arpa" nodefault
        local-zone: "16.172.in-addr.arpa" nodefault
        local-zone: "10.in-addr.arpa" nodefault
remote-control:
stub-zone:
        name: "16.172.in-addr.arpa."
        stub-host: auth1.ns.DOMAIN.net.
        stub-host: auth2.ns.DOMAIN.net.

stub-zone:
        name: "168.192.in-addr.arpa."
        stub-host: auth1.ns.DOMAIN.net.
        stub-host: auth2.ns.DOMAIN.net.

stub-zone:
        name: "10.in-addr.arpa."
        stub-host: auth1.ns.DOMAIN.net.
        stub-host: auth2.ns.DOMAIN.net.

stub-zone:
        name: "list.DOMAIN.net."
        stub-addr: X.X.X.X


# unbound -h
usage:  unbound [options]
        start unbound daemon DNS resolver.
-h      this help
-c file config file to read instead of /usr/local/etc/unbound/unbound.conf
        file format is described in unbound.conf(5).
-d      do not fork into the background.
-v      verbose (more times to increase verbosity)
Version 1.4.8
linked libs: mini-event internal (it uses select), ldns 1.6.8, OpenSSL
1.0.0d 8 Feb 2011
linked modules: validator iterator
configured for amd64-portbld-freebsd7.0 on Tue Mar  8 13:09:42 EST
2011 with options: '--with-ssl=/usr/local' '--with-ldns-builtin'
'--with-libevent=no' '--prefix=/usr/local' '--mandir=/usr/local/man'
'--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd7.0'
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs at nlnetlabs.nl

-- 
Darek