Maintained by: NLnet Labs

[Unbound-users] Problem resolving MX in Unbound cascade

lst_hoe02 at kwsoft.de
Tue Mar 13 10:37:21 CET 2012


Hello

today i noticed that on our mail gateway a message to iau-arak.ac.ir  
domain was stuck for more than a day. The MTA claimed "name service  
error" and in fact a "dig iau-arak.ac.ir" got srvfail as answer. The  
MTA has a local non-validating Unbound 1.4.16 which uses a second  
validating Unbound 1.4.16 as forwarder. After resolving the MX at the  
firewall step-by-step with dig the answer got finally through?
The only odd thing about the domain in question is that one of the NS  
does not work (timeout). Any idea why the internal instance was not  
able to get a result?
A single instance Unbound 1.4.16 worked fine BTW, so it must be  
something about the forwarder, no?

Regards

Andreas