<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Hi Gil,</div><div dir="ltr"><br></div><div dir="ltr">On Dec 31, 2020, at 12:23, Gil Levy via Unbound-users <unbound-users@lists.nlnetlabs.nl> wrote:</div><div dir="ltr"><br><blockquote type="cite">The tail log of the SERVFAIL can be found here: <a href="https://textuploader.com/185f0">https://textuploader.com/185f0</a></blockquote></div><div dir="ltr"><br></div><div dir="ltr">Unless I'm missing something, that log seems to be mainly (entirely?) messages from dnsmasq. You probably want to see log messages from unbound to shed light on the events leading up to the SERVFAIL that dnsmasq is receiving from localhost.</div><div dir="ltr"><br></div><div dir="ltr">If I was to guess I'd say that you have a full set of servers for some zone or other that is causing trouble, e.g. sending repeated SERVFAIL responses or timing out, and unbound is putting them all in the penalty box.</div><div dir="ltr"><br></div><div dir="ltr">The trick in that case will be to determine whether the problem is local (e.g. a broken firewall or persistent local routing problem for IPv6) or remote (e.g. your resolver or the subnet it's numbered in has been blacklisted for some reason). </div><div dir="ltr"><br></div><div dir="ltr">But this is just wild speculation; you should see what the logs say.</div><div dir="ltr"><br></div><div dir="ltr">Happy New Year in advance :-)</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">Joe</div></body></html>