Maintained by: NLnet Labs

Unbound 1.5.9

Ralph Dolmans
Thu Jun 16 14:09:05 CEST 2016


Hi Andreas,

Do you have QNAME minimisation enabled? Before 1.5.9 Unbound had code to
limit the number of outgoing queries for ip6.arpa lookups; in 1.5.9 we
generalised this to have a limit for all lookups. The new behaviour
might result in slightly more queries to the nameservers of a zone. The
combination of the "high" number of queries and the low number of
targets (one stub) can result in unbound marking the only available
target as unsuitable, therefore returning a SERVFAIL response.

This simple patch for 1.5.9 solves this problem. Also committed to trunk
in the source repository.


Index: iterator/iterator.c
===================================================================
--- iterator/iterator.c (revision 3795)
+++ iterator/iterator.c (working copy)
@@ -2024,6 +2024,8 @@
                iq->qinfo_out.qname_len = iq->qchase.qname_len;
                iq->minimise_count++;

+               iter_dec_attempts(iq->dp, 1);
+
                /* Limit number of iterations for QNAMEs with more
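Review bot: the added `iter_dec_attempts(iq->dp, 1);` call right after `iq->minimise_count++` has no comment, and nothing in the hunk says why a minimisation step should give an attempt back to the delegation point. A one-line comment would help, for example that intermediate QNAME minimisation queries should not use up the attempt budget of the targets in `iq->dp`, which otherwise leaves a lone stub marked unsuitable. Because the call is unconditional on every pass through this branch, it is also worth confirming that `iter_dec_attempts` cannot take a counter below zero and that crediting attempts back here does not weaken the retry limit for a target that is genuinely failing.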


On 15-06-16 23:56, A. Schulze via Unbound-users wrote:
> 
> 
> On 15.06.2016 at 12:33, A. Schulze via Unbound-users wrote:
> 
>> just noticed this happens only on a Debian Squeeze host
>> On Debian Jessie I get the rDNS.
> 
> The OS version is unrelated; the configuration was different...
> 
> I have a stub-zone statement in unbound.conf pointing to the hidden
> master nameserver for my zones.
> It works if I removed the stub-zone statement.
> 
> But: even if I add a stub-zone section pointing unbound to the delegated
> nameserver, resolving fails
> as long as I have only one stub-addr statement. Using two stub-addr
> statements or adding "stub-prime: yes" makes the zone resolvable.
> 
> That does not happen for in-addr.arpa or 'normal' domains.
> It happens only for my ip6.arpa zone.
> 
> Andreas