Maintained by: NLnet Labs

[Unbound-users] Problem with query

Paul Wouters
Thu Sep 15 21:31:37 CEST 2011


On Thu, 15 Sep 2011, Robert Fleischman wrote:

> Using unbound 1.4.12,
>
> dig -t ns dir.slb.com.
>
> It does not return, it returns instantly against bind.  :-|
>
> A few things:
>
> 1. That name has a lot of NS answers (7000+ byte reply) according to
> ns3.slb.com.   It appears to return a truncated answer and then forces
> clients (and probably unbound) to retry using TCP.

It works against my unbound-1.4.13 (open to use at 193.110.157.136).
It does fall back to TCP. The DNS NS set from hell is returned.

> clearly, 
> 2. unbound doesn't return.   The query runs for hours/days/forever,
> inside unbound.  It doesn't time-out!    Digging into
> env->mesh->all.root and seen 100's of answers, and yet no response.
> Is it waiting for a COMPLETE answer?  Even though it has a huge answer
> already?

Various harden options might make it try a lot of entries before returning.
The only case I know of where unbound does not return an answer is if your loglevel
is so high that your disk cannot keep up with the queries.

> 3. dig to Google (8.8.8.8) goes to tcp and doesn't return an answer either!

That I see as well.

Paul
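
The truncation and TCP retry discussed in this thread, as an added example (not part of the original messages and not Unbound's code): a resolver-side check of the TC bit on a UDP reply, followed by the 2-byte length framing that DNS over TCP uses for a reply too large for UDP. All packets are constructed sample data, and the function names are hypothetical.

```python
import struct

TC_FLAG = 0x0200  # truncation bit in the DNS header flags word

def build_query(qname, qtype=2, txid=0x1234):
    """Build a minimal DNS query (qtype 2 = NS, class IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields a resolver checks before acting on a reply."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000),
            "tc": bool(flags & TC_FLAG), "ancount": an}

def needs_tcp_retry(query, udp_reply):
    """True when the UDP reply answers this query and has TC set."""
    q, r = parse_header(query), parse_header(udp_reply)
    return r["qr"] and r["id"] == q["id"] and r["tc"]

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 bytes")
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Return one complete message from a TCP byte stream, or None if partial."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        return None  # keep reading: a 7000-byte reply spans several segments
    return stream[2:2 + length]

# Constructed sample data (not captured traffic).
QUERY = build_query("dir.slb.com.")
# UDP reply: same id and question, QR + TC + RD set, no answer records.
UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + QUERY[12:]
# TCP reply: arbitrary answer count, zero-padded to 7000 bytes to mimic the size.
TCP_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 400, 0, 0)
             + QUERY[12:]).ljust(7000, b"\x00")
```
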