Maintained by: NLnet Labs

partial problem resolving kernel-error.de

A. Schulze
Tue May 30 09:21:46 CEST 2017


Hello,

the Domain use huge keys: https://zonemaster.net/test/f8b42c485139ea99
Also DNSViz http://dnsviz.net/d/kernel-error.de/dnssec/ show warnings.

But most of my unbound-host resolve without problems except instances on
"cheap hosted virtual machines"
As far as I can tell all unbound servers are configured identical:

server:
  chroot: /etc/unbound
  minimal-responses: yes
  harden-below-nxdomain: yes
  harden-referral-path: yes
  harden-glue: yes
  outgoing-tcp-mss: 1220
  qname-minimisation: yes
  tcp-mss: 1220
  use-caps-for-id: yes
  val-log-level: 2
  auto-trust-anchor-file: trust/root-rfc5011.anchor
  # do-ip4: yes
  # do-ip6: yes

"verbosity: 2" flood log errors when I "dig @$resolver  
kernel-error.de. dnskey +dnssec"
2017-05-30 00:03:24.413773500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 5.9.24.235
2017-05-30 00:03:24.419315500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 5.9.24.235
2017-05-30 00:03:24.419584500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:24.424685500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2a01:4f8:150:1095::53
2017-05-30 00:03:24.430201500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 5.9.24.235
2017-05-30 00:03:24.432426500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:24.435559500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2a01:4f8:161:3ec::53
2017-05-30 00:03:24.441102500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 5.9.24.235
2017-05-30 00:03:24.446647500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2a01:4f8:161:3ec::53
2017-05-30 00:03:24.452158500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2a01:4f8:161:3ec::53
2017-05-30 00:03:24.457540500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2a01:4f8:161:3ec::53
2017-05-30 00:03:24.691478500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119
2017-05-30 00:03:24.698210500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:24.731290500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:24.950555500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119
2017-05-30 00:03:24.953444500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119
2017-05-30 00:03:24.992109500 [1496095404] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:25.202152500 [1496095405] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1
2017-05-30 00:03:25.229939500 [1496095405] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119
2017-05-30 00:03:25.253539500 [1496095405] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119
2017-05-30 00:03:25.462916500 [1496095405] unbound[4398:0] error: tcp  
sendmsg: Broken pipe for 203.137.119.119

Bonus: only my own unbound-1.6.2 @cheap hosted virtual machines can't resolve,
Debian Jessie Distribution unbound + bind work "@cheap hosted virtual  
machines" :-/

Ideas?

The owner of kernel-error.de will change it's domain in the next time.
I ask him to freeze the configuration some days until I understand why  
my resolver fail.

Thanks,
Andreas