[Unbound-users] Problems with dipmap.com
Attila Nagy
bra at fsn.hu
Mon Sep 19 11:03:17 UTC 2011
Hi,
There is a problem with resolving names from dipmap.com with unbound.
Currently, the root NSs give back three nameservers, from which only one
works (at least from our network).
And that one has a bad NS RR:
$ dig ns dipmap.com @ns.dipmap.com.
; <<>> DiG 9.6.-ESV-R4-P1 <<>> ns dipmap.com @ns.dipmap.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25982
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dipmap.com. IN NS
;; ANSWER SECTION:
dipmap.com. 60 IN NS sql2005.
It seems that unbound stores that nameserver and wants to query it, so
either a time out or a SERVFAIL happens to the client.
I thought that a recursive DNS server shouldn't cache NS records from
the zone's authoritative name server, it should only trust in the upper
servers.
ISC BIND doesn't have this behaviour -it seems-, so it can resolve names
from this domain.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20110919/21372d91/attachment.htm>
More information about the Unbound-users
mailing list