[Unbound-users] problems resolving www.iana.org / ianawww.vip.icann.org

Daisuke HIGASHI daisuke.higashi at gmail.com
Sat Jun 18 14:56:46 UTC 2011


Leen Besselink wrote:

> Is it just me or is Unbound 1.4.7 not able to resolve www.iana.org /
ianawww.vip.icann.org right now ?

Unbound with DNSSEC validation not able to resolve www.iana.org.
BIND9 manages to do it but takes long time because of many timeouts.

It seems that all NS in vip.icann.org returns broken response for
DNSKEY query with UDP. BIND9 retries query with TCP and gets complete
DNSKEY but Unbound does not.

Despite vip.icann.org NS are broken, is Unbound behavior correct?

> dig @gtm1.lax.icann.org vip.icann.org DNSKEY +dnssec
;; connection timed out; no servers could be reached

> dig @gtm1.lax.icann.org vip.icann.org DNSKEY +tcp +dnssec
<very large DNSKEY RRSet and RRSIG>

 Daisuke HIGASHI <daisuke.higashi at gmail.com>

More information about the Unbound-users mailing list