[Unbound-users] Problem with query
Paul Wouters
paul at xelerance.com
Thu Sep 15 20:36:26 UTC 2011
On Thu, 15 Sep 2011, Robert Fleischman wrote:
> Are you SURE your server returns? I just tried it with:
>
> dig +time=600 +tcp @193.110.157.136 -t ns dir.slb.com.
>
> And it doesn't return AT ALL. (That is a 10 minute wait time!!)
Seems you are right. An entry in my reslv.conf sneaked through to my bind
fallback server, which does anser with the hunderds of NS records, though
without any additional A records.
I ran: unbound-host dir.slb.com. -t NS -ddddd
but killed it after it had generated 100MB of data and was still looping.
bind does return pretty quickly, though it has no additional records at all.
dig ns dir.slb.com @ns3.slb.com. also shows how bogus that response is.
Many *.dir.slb.com nameservers, but not a single glue record.
> I don't have any "harden" stuff on. I do have:
>
> val-permissive-mode: yes
That disables all DNSSEC. Any good reason for that?
Paul
More information about the Unbound-users
mailing list