[Unbound-users] SOLVED: unbound fail to resolve a PTR
A. Schulze
sca at andreasschulze.de
Fri Jun 27 10:05:51 UTC 2014
A. Schulze:
> W.C.A. Wijngaards:
>
>> Here is the same patch for 1.4.22.
Wouter,
today I finaly can confirm that the solution you provide as patch work well.
we identified 2 unrelated faces of our general issue "reverse lookup
fail for some ip-addresses"
Face #1:
Symptom:
reverse lookup fail for some ip addresses /if use-caps-for-id is active/
Reason:
the external nameserver is broken. It answer only for lowercase queries
$ dig @ns1.cloud4you.biz. 224.243.93.193.in-addr.arpa. PTR +short
relay2.netsol4u.de.
$ dig @ns1.cloud4you.biz. 224.243.93.193.IN-ADDR.ARPA. PTR +short
...
;; connection timed out; no servers could be reached
Workaround: disable use-caps-for-id in unbound <= 1.4.22
The Fix you sent me offlist let unbound retry the queries
in complete lowercase if there are no answer so far. That work.
Was wonderful to see in as tcpdump :-)
Face #2:
Symptom:
reverse lookup fail for some ip addresses /regardless unbound is
involved or not/
$ dig @pns.dtag.de. 165.160.113.149.80.in-addr.arpa. PTR +norecurse
;; Question section mismatch: got 245.160.113.149.in-addr.arpa/PTR/IN
But only on udp transport. On TCP transport that gets the right answer.
$ dig @pns.dtag.de. 165.160.113.149.80.in-addr.arpa. PTR +norecurse
+tcp +short
tcmail13.telekom.de.
Reason:
Cisco ASA Firewall in the way
Solution:
disable DNS content inspection on Cisco device :-)
It's time for a relaxed weekend now...
Thanks,
Andreas
More information about the Unbound-users
mailing list