[Unbound-users] Unbound answering SERVFAIL
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Mar 17 08:05:29 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Ondřej Surý wrote:
> 2009/3/16 Cédric Girard <girard.cedric at gmail.com>:
>> 2009/3/16 Ondřej Surý <ondrej at sury.org>
>>> Hi Cédric,
>> Hi,
>>> does 192.168.2.2 serve . zone?
>>
>> No it does not. But (I'll double check) I'm not sure Unbound try to contact
>> the authoritative server.
>
> According to the logfile Unbound is trying to prime root servers. And you
> specified servers for . in your db.root file and not servers for test, so you
> need to have full delegation path from '.' to your test zone.
>
>> Also it was working fine with BIND. Do they have a different behavior on
>> that point ?
>
> It's very much possible.
Yes, that is correct. It seems like BIND is using the safety belt
(RFC1034) when priming fails, where unbound gives up when root priming
fails.
I think what you want is a stub-zone setup; here you can avoid your
priming trouble:
stub-zone:
name: "."
stub-addr: 192.168.2.2
stub-prime: no
This is basically the same as the root-hints you have, but the
stub-prime: no setting makes it skip the priming step that is failing now.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkm/WcgACgkQkDLqNwOhpPgrzQCcDW0ZnKmDAab2JBDtPBZNNCEx
rNAAn0mvCNatMpSI3r2PCWuUQzmuasnt
=KlBs
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list