[Unbound-users] Unbound answering SERVFAIL
wouter at NLnetLabs.nl
Tue Mar 17 08:05:29 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Ondřej Surý wrote:
> 2009/3/16 Cédric Girard <girard.cedric at gmail.com>:
>> 2009/3/16 Ondřej Surý <ondrej at sury.org>
>>> Hi Cédric,
>>> does 192.168.2.2 serve . zone?
>> No it does not. But (I'll double check) I'm not sure Unbound try to contact
>> the authoritative server.
> According to the logfile Unbound is trying to prime root servers. And you
> specified servers for . in your db.root file and not servers for test, so you
> need to have full delegation path from '.' to your test zone.
>> Also it was working fine with BIND. Do they have a different behavior on
>> that point ?
> It's very much possible.
Yes, that is correct. It seems like BIND is using the safety belt
(RFC1034) when priming fails, where unbound gives up when root priming
I think what you want is a stub-zone setup; here you can avoid your
This is basically the same as the root-hints you have, but the
stub-prime: no setting makes it skip the priming step that is failing now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Unbound-users