Maintained by: NLnet Labs

[Unbound-users] fail to resolve casalvecchi.com.ar

Willem Toorop
Mon Oct 21 15:39:12 CEST 2013


op 21-10-13 08:02, Andreas Schulze schreef:
> Hello,
>
> The domain "casalvecchi.com.ar" is broken.
Hi Andreas, it certainly is broken!

On the delegation point there are referrals to ns.abr.com.ar and 
ns1.abr.com.ar.

Only ns1.abr.com.ar. answers.
ns.abr.com.ar seems to give SERVFAIL for any query it should answer.

ns1.abr.com.ar returns one more name server when asked for its NS 
records: ns0.abr.com.ar

And when querying ns0.abr.com.ar about casalvecchi.com.ar, things get 
even more crazy! One more name server is returned: 
paimun.abrnetwork.com.ar.  which seems in sync with ns0.abr.com.ar (have 
same SOA)

Now which name servers to believe?

ns.abr.com.ar. returns SERVFAIL always
ns1.abr.com.ar. SOA serial 2013100801 and has A record 200.58.120.123 
(also for www.casalvecchi.com.ar)
ns0.abr.com.ar. and paimun.abrnetwork.com.ar. SOA serial 1216035805 has 
no A record, except for www.casalvecchi.com.ar: 190.190.191.20

> unbound-1.4.20 fail to resolve A+MX but 8.8.8.8 does it better.
>
> I planned to add local-zone/local-data "voodoo" to my unbound.conf but 
> as I not really understand
> the problem I fail to setup a workaround.
If you wish to mimic google behaviour, you could tell unbound to use 
ns1.abr.com.ar.

         local-zone: casalvecchi.com.ar. typetransparent
         local-data: "casalvecchi.com.ar. 3600 IN NS ns1.abr.com.ar."

If you trust the other name servers more, define those in local-data.

But, maybe best would be to ask casalvecchi.com.ar to fix their name 
server setup!

Cheers,
-- Willem