Maintained by: NLnet Labs

unbound returns SERVFAIL although forwarder works just fine

Paul Wouters
Tue Dec 22 20:18:07 CET 2015


On Wed, 23 Dec 2015, martin f krafft via Unbound-users wrote:

> I am running unbound (1.5.7 on Debian unstable) on a laptop as
> a recursive resolver for localhost and a number of test VMs running
> on the machine. I am aware that others use dnsmasq for this, but
> I don't particularly like this monolithic do-everything tool and am
> rather familiar with unbound already.
>
> Unfortunately, I am experiencing problems at regular intervals. One
> such problem is that occasionally, unbound will be unable to resolve
> records, returning SERVFAIL:
>
>  % host debian.org
>  Host debian.org not found: 2(SERVFAIL)
>
> According to the log (full log below), unbound thinks that the
> forward server is failing:
>
>  unbound: [1144:0] debug: configured forward servers failed -- returning SERVFAIL
>
> However, querying the configured forwarding server works just fine.

>  unbound: [1144:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
>  unbound: [1144:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
>  unbound: [1144:0] debug:    ip4 192.168.1.1 port 53 (len 16)
>  unbound: [1144:0] debug: attempt to get extra 3 targets
>  unbound: [1144:0] debug: servselect ip4 192.168.1.1 port 53 (len 16)
>  unbound: [1144:0] debug:    rtt=120000
>  unbound: [1144:0] debug: No more query targets, attempting last resort
>  unbound: [1144:0] debug: configured forward servers failed -- returning SERVFAIL
>  unbound: [1144:0] debug: store error response in message cache

Did your forwarder perhaps not answer (in time) ?

Maybe try setting cache-max-negative-ttl: to something like 5 seconds ?

Paul