<html><head></head><body>Hi Stephane,<br><br>die you check the output from<br><br>unbound-control lookup assemblee-nationale.fr<br><br>?<br><br>I occasionally have similar issues with my setup when a domain changes its nameservers. If I recall correctly, this is due to the domain's old nameserver to be asked being cached. The command from above may show the issue.<br><br>Cheers<br><br><div class="gmail_quote">Am 19. Februar 2020 09:07:44 MEZ schrieb Stephane Bortzmeyer via Unbound-users <unbound-users@lists.nlnetlabs.nl>:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">I thought I knew the DNS but apparently I don't.<br><br>Yesterday, around 1030 UTC the domain assemblee-nationale.fr had an<br>issue: the IP address of its nameservers changed. The "new"<br>nameservers served a different NS set. The problem is now fixed since<br>yesterday, around 1200 UTC . The TTL of the wrong information was only<br>300 seconds. Therefore, it should have disappeared by now. But it is<br>not the case:<br><br>% dig NS assemblee-nationale.fr<br><br>; <<>> DiG 9.11.5-P4-5.1-Debian <<>> NS assemblee-nationale.fr<br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56522<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags: do; udp: 4096<br>;; QUESTION SECTION:<br>;assemblee-nationale.fr. IN NS<br><br>;; ANSWER SECTION:<br>assemblee-nationale.fr. 300 IN NS ns1432.ztomy.com.<br>assemblee-nationale.fr. 300 IN NS ns2432.ztomy.com.<br><br>;; Query time: 495 msec<br>;; SERVER: ::1#53(::1)<br>;; WHEN: Wed Feb 19 09:01:12 CET 2020<br>;; MSG SIZE rcvd: 102<br><br>The correct NS set is ns{0,1,2}.fr.claradns.net, as you can see in the<br>delegation (which did not change). Why is it not picked?<br><br>It is as if the resolver does not return to the parent and, when the<br>TTL expires, queries again the wrong nameservers.<br><br>[::1 is Unbound Version 1.9.0 linked libs: libevent 2.1.8-stable (it<br>uses epoll), OpenSSL 1.1.1d 10 Sep 2019]<br><br>[Restarting Unbound solves the problem.]<br></pre></blockquote></div></body></html>