Maintained by: NLnet Labs

[Unbound-users] problem with NS editnew.net

Willem Toorop
Wed Jun 11 11:40:12 CEST 2014


Hi Michael,

I am not able to reproduce.  I have used unbound on CentOS 6.5 with your
config, but with me ns2.editnew.net does resolve perfectly.  Here is my
output for the same query

Jun 11 11:35:45 unbound: [-] info: start of service (unbound 1.4.21).
Jun 11 11:35:50 unbound: [-] info: 127.0.0.1 ns2.editnew.net. A IN
Jun 11 11:35:50 unbound: [-] info: resolving ns2.editnew.net. A IN
Jun 11 11:35:50 unbound: [-] info: priming . IN NS
Jun 11 11:35:50 unbound: [-] info: response for . NS IN
Jun 11 11:35:50 unbound: [-] info: reply from <.> 199.7.91.13#53
Jun 11 11:35:50 unbound: [-] info: query response was ANSWER
Jun 11 11:35:50 unbound: [-] info: priming successful for . NS IN
Jun 11 11:35:51 unbound: [-] info: response for ns2.editnew.net. A IN
Jun 11 11:35:51 unbound: [-] info: reply from <.> 192.36.148.17#53
Jun 11 11:35:51 unbound: [-] info: query response was REFERRAL
Jun 11 11:35:51 unbound: [-] info: resolving net. DNSKEY IN
Jun 11 11:35:51 unbound: [-] info: response for net. DNSKEY IN
Jun 11 11:35:51 unbound: [-] info: reply from <net.> 192.26.92.30#53
Jun 11 11:35:51 unbound: [-] info: query response was ANSWER
Jun 11 11:35:51 unbound: [-] info: response for ns2.editnew.net. A IN
Jun 11 11:35:51 unbound: [-] info: reply from <net.> 192.35.51.30#53
Jun 11 11:35:51 unbound: [-] info: query response was REFERRAL
Jun 11 11:35:51 unbound: [-] info: response for ns2.editnew.net. A IN
Jun 11 11:35:51 unbound: [-] info: reply from <editnew.net.>
192.254.140.103#53
Jun 11 11:35:51 unbound: [-] info: query response was ANSWER

Could you run unbound-host -d ns2.editnew.net and send us the output?
Thanks,

-- Willem

op 10-06-14 18:07, Michael MacNeill schreef:
> unbound is having issues with a particular domain and powerdns_recursor
> and bind both work fine.
> 
> Trying to lookup "bluebirdrvpark.ca".
> 
> The authoritative hosts are "ns1.editnew.net" and "ns2.editnew.net".
> 
> Unbound does not seem to like the answers it is getting from either of
> these name servers.
> I'm not in control or contact with them.
> 
> I've tried unbound 1.4.21 on CentOS 6.5 and
> unbound 1.4.22 on Ubuntu 14.04
> 
> dig @127.0.0.1 ns2.editnew.net
> 
> Jun 10 08:44:41 media2 unbound: [9321:0] info: start of service (unbound
> 1.4.22).
> Jun 10 08:44:41 media2 unbound: [9321:1] info: 127.0.0.1 local. SOA IN
> Jun 10 08:44:41 media2 unbound: [9321:1] info: resolving local. SOA IN
> Jun 10 08:44:41 media2 unbound: [9321:1] info: priming . IN NS
> Jun 10 08:44:42 media2 unbound: [9321:1] info: response for . NS IN
> Jun 10 08:44:42 media2 unbound: [9321:1] info: reply from <.>
> 192.5.5.241#53
> Jun 10 08:44:42 media2 unbound: [9321:1] info: query response was ANSWER
> Jun 10 08:44:42 media2 unbound: [9321:1] info: priming successful for .
> NS IN
> Jun 10 08:44:42 media2 unbound: [9321:1] info: response for local. SOA IN
> Jun 10 08:44:42 media2 unbound: [9321:1] info: reply from <.>
> 193.0.14.129#53
> Jun 10 08:44:42 media2 unbound: [9321:1] info: query response was
> NXDOMAIN ANSWER
> 
> Jun 10 08:44:52 media2 unbound: [9321:0] info: 127.0.0.1
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: resolving
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: response for
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: reply from <.>
> 192.5.5.241#53
> Jun 10 08:44:52 media2 unbound: [9321:0] info: query response was REFERRAL
> Jun 10 08:44:52 media2 unbound: [9321:0] info: resolving net. DNSKEY IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: response for net. DNSKEY IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: reply from <net.>
> 192.35.51.30#53
> Jun 10 08:44:52 media2 unbound: [9321:0] info: query response was ANSWER
> Jun 10 08:44:52 media2 unbound: [9321:0] info: response for
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: reply from <net.>
> 192.54.112.30#53
> Jun 10 08:44:52 media2 unbound: [9321:0] info: query response was REFERRAL
> Jun 10 08:44:52 media2 unbound: [9321:0] info: resolving
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: resolving
> ns1.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: response for
> ns2.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: reply from <net.>
> 192.43.172.30#53
> Jun 10 08:44:52 media2 unbound: [9321:0] info: query response was REFERRAL
> Jun 10 08:44:52 media2 unbound: [9321:0] info: response for
> ns1.editnew.net. A IN
> Jun 10 08:44:52 media2 unbound: [9321:0] info: reply from <net.>
> 192.42.93.30#53
> Jun 10 08:44:52 media2 unbound: [9321:0] info: query response was REFERRAL
> Jun 10 08:44:52 media2 unbound: [9321:0] info: resolving
> ns1.editnew.net. A IN
> Jun 10 08:44:53 media2 unbound: [9321:0] info: response for
> ns1.editnew.net. A IN
> Jun 10 08:44:53 media2 unbound: [9321:0] info: reply from <net.>
> 192.31.80.30#53
> Jun 10 08:44:53 media2 unbound: [9321:0] info: query response was REFERRAL
> Jun 10 08:44:53 media2 unbound: [9321:0] info: resolving
> ns2.editnew.net. A IN
> Jun 10 08:44:53 media2 unbound: [9321:0] info: response for
> ns2.editnew.net. A IN
> Jun 10 08:44:53 media2 unbound: [9321:0] info: reply from <net.>
> 192.33.14.30#53
> Jun 10 08:44:53 media2 unbound: [9321:0] info: query response was REFERRAL
> 
> cat /etc/unbound/unbound.conf
> 
> server:
>     verbosity: 2
>     statistics-interval: 86400
>     statistics-cumulative: yes
>     extended-statistics: yes
>     num-threads: 2
>     interface: 0.0.0.0
>     interface: ::0
>     interface-automatic: yes
>     port: 53
>     outgoing-range: 4096
>     outgoing-port-permit: 32768-65535
>     outgoing-port-avoid: 0-32767
>     outgoing-num-tcp: 10
>     incoming-num-tcp: 10
>     so-rcvbuf: 8m
>     max-udp-size: 3072
>     msg-cache-size: 64m
>     msg-cache-slabs: 4
>     rrset-cache-size: 128m
>     rrset-cache-slabs: 4
>     infra-cache-slabs: 4
>     do-ip4: yes
>     do-ip6: no
>     do-udp: yes
>     do-tcp: yes
>     do-daemonize: yes
>     access-control: 0.0.0.0/0 deny
>     access-control:    127.0.0.0/8 allow
>     access-control: 10.0.0.0/8 allow
>     access-control: 192.168.0.0/16 allow
>     access-control:    172.16.0.0/12 allow
>     chroot: ""
>     username: "unbound"
>     directory: "/etc/unbound"
>     use-syslog: yes
>     log-time-ascii: yes
>     log-queries: yes
>     pidfile: "/var/run/unbound.pid"
>     root-hints: "root.hints"
>     hide-identity: yes
>     hide-version: yes
>     harden-glue: no
>     harden-dnssec-stripped: no
>     harden-below-nxdomain: no
>     harden-referral-path: no
>     use-caps-for-id: no
>     private-address: 10.0.0.0/8
>     private-address: 172.16.0.0/12
>     private-address: 192.168.0.0/16
>     private-address: fd00::/8
>     private-address: fe80::/10
>     unwanted-reply-threshold: 10000000
>     do-not-query-address: 127.0.0.1/8
>     do-not-query-address: ::1
>     do-not-query-localhost: yes
>     prefetch: yes
>     prefetch-key: yes
>     rrset-roundrobin: yes
>     minimal-responses: yes
>     # dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
>     # trusted-keys-file: /etc/unbound/keys.d/*.key
>     # auto-trust-anchor-file: "/var/lib/unbound/root.anchor"
>     val-clean-additional: yes
>     val-permissive-mode: yes
>     val-log-level: 2
>     key-cache-slabs: 4
> 
> remote-control:
>     control-enable: yes
>     control-interface: 127.0.0.1
>     control-port: 953
>     server-key-file: "/etc/unbound/unbound_server.key"
>     server-cert-file: "/etc/unbound/unbound_server.pem"
>     control-key-file: "/etc/unbound/unbound_control.key"
>     control-cert-file: "/etc/unbound/unbound_control.pem"
> 
> 
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>