[Unbound-users] SERVFAIL and CNAME

Robert Fleischman rmf at fleischman.net
Fri Aug 19 14:53:38 UTC 2011

I have been having trouble resolving "www.balfour.com"

It appears that ns1.worldnic.com and ns2.worldnic.com (the NS for
www.balfour.com") is returning a CNAME response (pointing off to an
amazon'd name) with the SERVFAIL bit set in the header. It also
(according to dig) sometimes spits back a truncated response requiring
a TCP retry.

This combination of things makes unbound a bit upset.  I've seen
discussions of this here:


(My guess is that worldnic.com is running PowerDNS)

In practice, sometimes unbound returns the A record, sometimes not!
It appears other recursive servers are much more permissive here.


Is there a way to make Unbound "happier" about this name and semi-broken setup?


More information about the Unbound-users mailing list