[Unbound-users] Broken DNS or broken Unbound?
anandb at ripe.net
Sat Dec 17 00:04:11 UTC 2011
On 16/12/2011 19:32, Mike Cardwell wrote:
> Can anyone explain what is going on with the domain matt.io? I'm
> running Unbound 1.4.9 and have it set up to do DNSSEC validation.
> "dig matt.io" SERVFAIL's, however "dig +cd matt.io" works fine.
> This domain doesn't have DNSSEC on it though... I also noticed that
> when I attempt to look up the NS records, all it returns is a
> CNAME. Is that valid?
> Is matt.io's DNS configuration broken, or is Unbound broken?
The DNS setup of matt.io is broken. They've made the well-known
mistake of mixing a CNAME record with other records:
; <<>> DiG 9.7.3-P3 <<>> +norec ns matt.io @DNS1.NAME-SERVICES.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17082
;; flags: qr aa; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 5
;; QUESTION SECTION:
;matt.io. IN NS
;; ANSWER SECTION:
matt.io. 1800 IN CNAME eb.blagomatic.com.
matt.io. 3600 IN NS dns1.name-services.com.
matt.io. 3600 IN NS dns2.name-services.com.
matt.io. 3600 IN NS dns3.name-services.com.
matt.io. 3600 IN NS dns4.name-services.com.
matt.io. 3600 IN NS dns5.name-services.com.
More information about the Unbound-users