Maintained by: NLnet Labs

[Unbound-users] SOLVED: unbound fail to resolve a PTR

A. Schulze
Fri Jun 27 12:05:51 CEST 2014


A. Schulze:

> W.C.A. Wijngaards:
>
>> Here is the same patch for 1.4.22.

Wouter,

Today I can finally confirm that the solution you provided as a patch works well.

We identified 2 unrelated faces of our general issue "reverse lookup fails for some IP addresses".

Face #1:
   Symptom:
   reverse lookup fails for some IP addresses /if use-caps-for-id is active/

   Reason:
   the external nameserver is broken. It answers only lowercase queries
   $ dig @ns1.cloud4you.biz. 224.243.93.193.in-addr.arpa. PTR +short
   relay2.netsol4u.de.

   $ dig @ns1.cloud4you.biz. 224.243.93.193.IN-ADDR.ARPA. PTR +short
   ...
   ;; connection timed out; no servers could be reached

   Workaround: disable use-caps-for-id in unbound <= 1.4.22

   The fix you sent me off-list lets unbound retry the queries
   in complete lowercase if there is no answer so far. That works.
   It was wonderful to see in tcpdump :-)

Face #2:

   Symptom:
   reverse lookup fails for some IP addresses /regardless of whether unbound is involved or not/

   $ dig @pns.dtag.de. 165.160.113.149.80.in-addr.arpa. PTR +norecurse
   ;; Question section mismatch: got 245.160.113.149.in-addr.arpa/PTR/IN

   But only on UDP transport. On TCP transport that gets the right answer.
   $ dig @pns.dtag.de. 165.160.113.149.80.in-addr.arpa. PTR +norecurse +tcp +short
   tcmail13.telekom.de.

   Reason:
   Cisco ASA Firewall in the way

   Solution:
   disable DNS content inspection on Cisco device :-)

It's time for a relaxed weekend now...
Thanks,

Andreas
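
The two failure modes described in the message above, as an added example that is not part of the original post or of unbound's code: a mixed-case (0x20) query that gets no answer, and a reply whose question section does not match the query. The function names and result labels are hypothetical, the packets are constructed from the names quoted in the post, and the lowercase retry from the patch is not implemented here.

```python
import secrets
import struct

def encode_0x20(name, randbit=lambda: secrets.randbits(1)):
    """Randomize letter case in a DNS name (what use-caps-for-id does)."""
    return "".join(c.upper() if c.isalpha() and randbit() else c.lower() for c in name)

def build_packet(name, txid, response=False, qtype=12):  # 12 = PTR
    """Header plus one question; enough to compare question sections."""
    flags = 0x8000 if response else 0x0000  # QR bit only
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(packet):
    """Return (txid, qname, qtype) for the first question."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while packet[pos]:
        n = packet[pos]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return txid, ".".join(labels) + ".", qtype

def classify_reply(query, reply):
    """Compare a reply's question section with the query that was sent."""
    if reply is None:
        return "timeout"          # Face #1: no answer to a mixed-case query
    qid, qname, qtype = parse_question(query)
    rid, rname, rtype = parse_question(reply)
    if (rid, rtype) != (qid, qtype) or rname.lower() != qname.lower():
        return "mismatch"         # Face #2: a different question came back
    return "ok" if rname == qname else "case-not-preserved"

# Constructed packets using the names from the post; no network traffic.
Q1 = build_packet(encode_0x20("224.243.93.193.in-addr.arpa."), 0x1a2b)
Q2 = build_packet("165.160.113.149.80.in-addr.arpa.", 0x3c4d)
R2 = build_packet("245.160.113.149.in-addr.arpa.", 0x3c4d, response=True)
```

`classify_reply(Q1, None)` models Face #1 and `classify_reply(Q2, R2)` models Face #2, the same condition dig reports as "Question section mismatch".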