Maintained by: NLnet Labs

[Unbound-users] queries to root servers not getting answered.

Mariano Absatz - gmail
Fri Aug 17 13:08:15 CEST 2012


On Fri, Aug 17, 2012 at 3:54 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Mariano,
>
> On 08/16/2012 05:27 PM, Mariano Absatz - gmail wrote:
> > Hi,
> >
> > I just compiled and installed lnsd 1.6.13 and unbound 1.4.18 on a
> > debian lenny VM.
> >
> > Since I was getting temporary failures, I raised the log verbosity
> > to 3 and the log (which I add at the end of the message) seems to
> > indicate that queries to the root name server are either not being
> > sent or not being answered...
> >
> > I kinda manually replicated the behavior of the resolver (using
> > dbndns' dnsq command) in the same machine and got instant responses
> > in every case (copied below the log).
>
> Did you set +dnssec and +cdflag (options for 'dig') on the queries you
> tested yourself?  If not, your test differed from what unbound does.
>
Nope... I hadn't even enabled dnssec 'cause I wanted to test plain old
resolution first.


> The answers are bigger with the signatures included.  Maybe you have a
> firewall that drops UDP packets bigger than 512 bytes?
>
That might be... I'll talk with the firewall guy and check that (and come
back next week since I won't have access to the server until Monday).

Thanx for your help.

-- 
Mariano Absatz - El Baby
www.clueless.com.ar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20120817/f97ba15c/attachment.html>