<div dir="ltr"><div dir="ltr">Hi,<div><br></div><div>It seems it's something related to IPv4 connectivity</div><div><br></div><div>My CIDR prefixes are not being delivered to the destination via BGP (upstream failure)</div><div><br></div><div>This way responses from the authoritative servers of the <a href="http://nfs-e.net">nfs-e.net</a> domain don't return to the local unbound</div><div><br></div><div>- - - </div><div><br></div><div>Why I'm saying this:</div><div><br></div><div><div><font face="monospace" style="background-color:rgb(255,242,204)">unbound:~# dig <a href="http://www.nfs-e.net">www.nfs-e.net</a></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">; <<>> DiG 9.10.3-P4-Ubuntu <<>> <a href="http://www.nfs-e.net">www.nfs-e.net</a></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; global options: +cmd</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; Got answer:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15680</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; OPT PSEUDOSECTION:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">; EDNS: version: 0, flags:; udp: 4096</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; QUESTION SECTION:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;<a href="http://www.nfs-e.net">www.nfs-e.net</a>. 
IN A</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; ANSWER SECTION:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://www.nfs-e.net">www.nfs-e.net</a>. 900 IN A 177.11.21.10</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; AUTHORITY SECTION:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://nfs-e.net">nfs-e.net</a>. 3600 IN NS <a href="http://darwin.nfs-e.net">darwin.nfs-e.net</a>.</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://nfs-e.net">nfs-e.net</a>. 3600 IN NS <a href="http://ns2.nfs-e.net">ns2.nfs-e.net</a>.</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://nfs-e.net">nfs-e.net</a>. 3600 IN NS <a href="http://ns1.nfs-e.net">ns1.nfs-e.net</a>.</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; ADDITIONAL SECTION:</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://ns1.nfs-e.net">ns1.nfs-e.net</a>. 3600 IN A 177.11.20.10</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://ns2.nfs-e.net">ns2.nfs-e.net</a>. 3600 IN A 177.11.20.20</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><a href="http://darwin.nfs-e.net">darwin.nfs-e.net</a>. 
3600 IN A 189.28.42.146</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)"><br></font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; Query time: 4011 msec</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; SERVER: 127.0.0.1#53(127.0.0.1)</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; WHEN: Tue Mar 02 17:29:25 -04 2021</font></div><div><font face="monospace" style="background-color:rgb(255,242,204)">;; MSG SIZE rcvd: 163</font></div></div><div><br></div><div>After I changed BGP announcements to another upstream, servers 177.11.20.10 / 177.11.20.20 and 189.28.42.146 were able to answer my dig requests</div><div><br></div><div>Now I need to convince the upstream provider to fix propagation of my public prefixes</div><div><br></div><div>Thank you for your attention</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 2, 2021 at 17:23, Chriztoffer Hansen <<a href="mailto:ch@ntrv.dk">ch@ntrv.dk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tue, 2 Mar 2021 at 21:54, Paulo Roberto Tomasi via Unbound-users<br>
<<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a>> wrote:<br>
> Is there any verbose form of the dig tool to give me a hint of what's happening when/where the failure occurs?<br>
<br>
How is your authoritative set-up done? Same machine(s) with different<br>
public IPs?<br>
<br>
NSD/CoreDNS/PowerDNS/BIND as the authoritative DNS server? And unbound<br>
as a forwarder?<br>
<br>
-- <br>
Chriztoffer<br>
<br>
</blockquote></div>