[Unbound-users] Strange SERVFAIL from unbound
Aaron Hopkins
lists at die.net
Tue Nov 18 10:45:57 UTC 2008

On Fri, 14 Nov 2008, W.C.A. Wijngaards wrote:

> Or how A records could time out while the AAAA do not.
> They have the same timeout value (4 hours).

So unbound just cares that it has a valid address for a given nameserver,
not that any of them are A, even if it wants to use IPv4? If so, this seems
problematic.

The A and AAAA aren't looked up atomically, right? You might get one or the
other in additionals if there's room left in the packet, otherwise you have
to query for A and AAAA separately? Isn't there a race condition here?

If I have "ip6: no" in the config, is there a reason it is handling AAAA at
all?

And if it matters, zen.spamhaus.org is a strange zone, in that it is served
by rbldnsd in lazy/minimal-answers mode that doesn't bother to fill out an
authoritative section. This apparently saves a lot of bandwidth, and the
only claimed operational difference is that they have to wait longer for
recursive servers to notice nameserver changes.

> The 30 minutes sounds close to the 15 minute (900 second) default
> timeout on lameness detections.

I had it happen again and the outage lasted almost 4 hours, which more
closely matches the A/AAAA TTL. I didn't manage to do any manual lookups at
the time, and I didn't leave logging enabled over the weekend, as the logs
grow way too quickly on this active nameserver.

I'll set up a testbed to try and reproduce.

> If it happens again can you query with dig +norec a.ns.spamhaus.org ?
> And dig +norec +cdflag +dnssec a.ns.spamhaus.org ?

I tried this out while it was operating normally, and it showed different
TTLs on A and AAAA:

a.ns.spamhaus.org. 8871 IN A 194.109.9.7
a.ns.spamhaus.org. 8871 IN A 192.150.94.204
a.ns.spamhaus.org. 10299 IN AAAA 2001:7b8:3:1f:0:2:53:1

Also, only 3 of the nameservers offer either A or AAAA results with just
+norec. I have to add +cdflag +dnssec to get As for all 22 nameservers.
And for some reason, the AAAAs all have longer TTLs than the As.

-- Aaron
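
Added example, not part of the original message and not Unbound code: a Python script that parses dig answer lines like the ones quoted above and reports, per nameserver name, how long the AAAA RRset would stay cached after the A RRset with the shorter TTL has expired. The function names are hypothetical, and the sample input is the three record lines from the message.

```python
from collections import defaultdict

# The three answer lines quoted in the message above.
SAMPLE = """\
a.ns.spamhaus.org. 8871 IN A 194.109.9.7
a.ns.spamhaus.org. 8871 IN A 192.150.94.204
a.ns.spamhaus.org. 10299 IN AAAA 2001:7b8:3:1f:0:2:53:1
"""


def parse_rrs(text):
    """Yield (owner, ttl, rrtype) for each IN-class record line of dig output."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';' comment lines, and anything not "name ttl IN type rdata".
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        if not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        yield fields[0].lower(), int(fields[1]), fields[3].upper()


def aaaa_only_windows(text):
    """Map owner -> (a_ttl, aaaa_ttl, window_seconds).

    window_seconds is how long the AAAA RRset stays cached after the A RRset
    has expired; a_ttl is None when the name has no A record in the input.
    """
    ttls = defaultdict(dict)
    for owner, ttl, rrtype in parse_rrs(text):
        if rrtype in ("A", "AAAA"):
            # Records of one RRset share a TTL; keep the lowest if lines disagree.
            ttls[owner][rrtype] = min(ttl, ttls[owner].get(rrtype, ttl))
    windows = {}
    for owner, by_type in ttls.items():
        a_ttl, aaaa_ttl = by_type.get("A"), by_type.get("AAAA")
        if aaaa_ttl is None:
            continue
        if a_ttl is None or a_ttl < aaaa_ttl:
            windows[owner] = (a_ttl, aaaa_ttl, aaaa_ttl - (a_ttl or 0))
    return windows


if __name__ == "__main__":
    for name, (a_ttl, aaaa_ttl, window) in aaaa_only_windows(SAMPLE).items():
        print(f"{name} A={a_ttl} AAAA={aaaa_ttl} AAAA-only for {window}s")
```

Feeding it the answer sections collected for every nameserver of a zone shows which names can be left with only an IPv6 address in cache, and for how long.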