[Unbound-users] Problems with dipmap.com

Attila Nagy bra at fsn.hu
Mon Sep 19 11:03:17 UTC 2011


There is a problem with resolving names from dipmap.com with unbound.
Currently, the root NSs give back three nameservers, from which only one 
works (at least from our network).
And that one has a bad NS RR:
$ dig ns dipmap.com @ns.dipmap.com.

; <<>> DiG 9.6.-ESV-R4-P1 <<>> ns dipmap.com @ns.dipmap.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25982
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;dipmap.com.                    IN      NS

dipmap.com.             60      IN      NS      sql2005.

It seems that unbound stores that nameserver and wants to query it, so 
either a time out or a SERVFAIL happens to the client.

I thought that a recursive DNS server shouldn't cache NS records from 
the zone's authoritative name server, it should only trust in the upper 
ISC BIND doesn't have this behaviour -it seems-, so it can resolve names 
from this domain.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20110919/21372d91/attachment.htm>

More information about the Unbound-users mailing list