[Unbound-users] SERVFAIL then proper reply
Paul Wouters
paul at xelerance.com
Fri Jul 3 19:14:54 UTC 2009
On Fri, 3 Jul 2009, W.C.A. Wijngaards wrote:
> I think this is a result of a bug I already fixed, which barfed the
> security status after taking a query from the cache a second time.
>
> In your logs this seems to happen for in-addr.arpa.dlv.isc.org, which
> loses the secure status for its DLV answer, which in turn makes the
> DLV lookup error, which generates the servfail. Why the second lookup
> then succeeds I do not understand.
Oh, just realised my resolver uses dnssec-conf, and will load trust anchors for
all the RIPE zones, so they don't go via DLV.
> I hope the bug is fixed in 1.3.1 (just with release candidate), otherwise I'd
> like to look at a higher verbosity log for it.
1.3.0-1 in fedora should also have that fix incorperated.
Paul
More information about the Unbound-users
mailing list