Maintained by: NLnet Labs

[Unbound-users] Unexpected results - Unbound results don't match external DNS

pcl-associates
Sun Jul 27 15:59:30 CEST 2014


Hi Carsten,

Unfortunately, the issue is not limited to nslookup.  Here's what I get when I run the same dig command you did below.  Evidently something isn't right because my results should match yours.  In a separate email, Chris asked if I was using this as a forwarder or resolver.  I am using it as an authoritative, validating, recursive caching dns server as described here: https://calomel.org/unbound_dns.html.    

# dig 158.24.39.46.zen.spamhaus.org.

; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> 158.24.39.46.zen.spamhaus.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22741
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;158.24.39.46.zen.spamhaus.org.	IN	A

;; AUTHORITY SECTION:
zen.spamhaus.org.	3546	IN	SOA	need.to.know.only. hostmaster.spamhaus.org. 1407271350 3600 600 432000 150

;; Query time: 39 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 27 15:52:37 CEST 2014
;; MSG SIZE  rcvd: 122



On Jul 27, 2014, at 6:45 AM, Carsten Strotmann <unbound at strotmann.de> wrote:

> Hello Patrick,
> 
> pcl-associates writes:
> 
>> Hi,
>> 
>> I don't know if I'm expecting too much from unbound but for certain
>> lookups I get a different result from unbound than I get from an
>> external DNS server.  For example:
> 
> Unbound is all good here, you're expecting too much from
> "nslookup". Unbound returns the correct answers, but "nslookup" fails to
> ask the wanted questions to Unbound (and does not show the DNS
> queries). 
> 
> Please try to use the tools "dig" or "drill" to send the query to
> Unbound, the output will either give you a clue or, if posted here, will
> give the participants of this mailing list an idea what might be wrong.
> 
> Example (using my local Unbound instance):
> 
> % dig 158.24.39.46.zen.spamhaus.org. 
> 
> ; <<>> DiG 9.10.0-P1 <<>> 158.24.39.46.zen.spamhaus.org.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42320
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;158.24.39.46.zen.spamhaus.org. IN      A
> 
> ;; ANSWER SECTION:
> 158.24.39.46.zen.spamhaus.org. 900 IN   A       127.0.0.11
> 158.24.39.46.zen.spamhaus.org. 900 IN   A       127.0.0.4
> 
> ;; Query time: 205 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun Jul 27 15:43:37 CEST 2014
> ;; MSG SIZE  rcvd: 90
> 
> -- 
> Carsten Strotmann
> Email: cas at strotmann.de
> Blog: strotmann.de
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140727/536551eb/attachment.html>