Maintained by: NLnet Labs

[Unbound-users] Problem with query

Paul Wouters
Thu Sep 15 22:36:26 CEST 2011


On Thu, 15 Sep 2011, Robert Fleischman wrote:

> Are you SURE your server returns?  I just tried it with:
>
> dig +time=600 +tcp @193.110.157.136 -t ns dir.slb.com.
>
> And it doesn't return AT ALL.  (That is a 10 minute wait time!!)

Seems you are right. An entry in my resolv.conf sneaked through to my bind
fallback server, which does answer with the hundreds of NS records, though
without any additional A records.

I ran:  unbound-host dir.slb.com. -t NS -ddddd

but killed it after it had generated 100MB of data and was still looping.
bind does return pretty quickly, though it has no additional records at all.

dig ns dir.slb.com @ns3.slb.com. also shows how bogus that response is.
Many *.dir.slb.com nameservers, but not a single glue record.

> I don't have any "harden" stuff on.    I do have:
>
> val-permissive-mode: yes

That disables all DNSSEC. Any good reason for that?

Paul
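
The condition described in the message above (nameservers under the queried zone, with no glue addresses in the response) can be checked mechanically. The following is an added example, not part of the original post: it parses dig-style output and lists in-bailiwick NS targets that have no A/AAAA record in the ADDITIONAL section. The zone name, host names and address in the sample are constructed.

```python
"""Flag in-bailiwick NS targets that arrive without glue in a dig-style response."""

# Constructed sample in dig's presentation format (not captured from any real server).
SAMPLE = """\
;; ANSWER SECTION:
dir.example.com.   3600 IN NS ns1.dir.example.com.
dir.example.com.   3600 IN NS ns2.dir.example.com.
dir.example.com.   3600 IN NS NS3.Dir.Example.com.
dir.example.com.   3600 IN NS ns.provider.example.net.

;; ADDITIONAL SECTION:
ns2.dir.example.com. 3600 IN A 192.0.2.53
"""


def _norm(name):
    """Lower-case and make the name absolute (DNS names compare case-insensitively)."""
    return name.lower().rstrip(".") + "."


def in_bailiwick(name, zone):
    """True when name is the zone apex or sits below it, on a label boundary."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)


def glueless_ns(dig_text, zone):
    """Return in-bailiwick NS targets for zone with no A/AAAA record in ADDITIONAL."""
    section, ns_targets, glue = None, set(), set()
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]          # ANSWER / AUTHORITY / ADDITIONAL
            continue
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue                                # comments, blanks, short lines
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        if section in ("ANSWER", "AUTHORITY") and rtype == "NS" and _norm(owner) == _norm(zone):
            ns_targets.add(_norm(rdata))
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.add(_norm(owner))
    return sorted(t for t in ns_targets if in_bailiwick(t, zone) and t not in glue)


if __name__ == "__main__":
    for target in glueless_ns(SAMPLE, "dir.example.com"):
        print("no glue for in-bailiwick NS:", target)
```

Out-of-bailiwick targets such as the constructed `ns.provider.example.net.` are not reported, since a resolver can look those up independently of the zone being queried.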