[Unbound-users] SERVFAIL then proper reply

Paul Wouters paul at xelerance.com
Fri Jul 3 19:14:54 UTC 2009

On Fri, 3 Jul 2009, W.C.A. Wijngaards wrote:

> I think this is a result of a bug I already fixed, which barfed the
> security status after taking a query from the cache a second time.
> In your logs this seems to happen for in-addr.arpa.dlv.isc.org, which
> loses the secure status for its DLV answer, which in turn makes the
> DLV lookup error, which generates the servfail.  Why the second lookup
> then succeeds I do not understand.

Oh, just realised my resolver uses dnssec-conf, and will load trust anchors for
all the RIPE zones, so they don't go via DLV.

> I hope the bug is fixed in 1.3.1 (just with release candidate), otherwise I'd 
> like to look at a higher verbosity log for it.

1.3.0-1 in fedora should also have that fix incorperated.


More information about the Unbound-users mailing list