Maintained by: NLnet Labs

[Unbound-users] Cannot resolve the MX for bk.bund.de using unbound

lst_hoe02 at kwsoft.de
Thu Dec 13 10:58:05 CET 2012


Zitat von Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:

>> If you do dnssec validation, set the val-log-level: 2 in unbound.conf.
>> Then it prints detailed errors about what goes wrong (and reload or
>> restart unbound).
>
> Excellent. For the time being I disabled dnssec validation and I get:
> # dig @127.0.0.1 -t mx bk.bund.de
>
> ; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 -t mx bk.bund.de
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 8
>
> ;; QUESTION SECTION:
> ;bk.bund.de.INMX
>
> ;; ANSWER SECTION:
> bk.bund.de. 12583 IN MX 10 mx2.bund.de.
> bk.bund.de. 12583 IN MX 10 mx1.bund.de.
> ...

As said have a look if you have problems with DNS reply sizes  
 >512bytes. The DNSSEC enabled answer for bk.bund.de is ~2000bytes  
which might get you in trouble with firewalls and other "smart"  
traffic filters.

Regards

Andreas