Disabling TCP use causes issues?

RayG rgsub1 at btinternet.com
Thu Aug 2 15:15:39 UTC 2018 

I decided to try using unbound without enabling TCP so I set "do-tcp: no"

 

Then I was using the program I have to copy over the settings file and this
includes obtaining any updated roots.hints file from
<ftp://ftp.internic.net> ftp.internic.net as
"ftp://ftp.internic.net/domain/named.cache"

 

However when I ran the program I was not able for some time, to reach the
site.

 

I enabled verbose level 4 and I have a log from:

 

02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info: start
of service (unbound 1.7.4_20180716).

 

At the start I was getting:

 

C:\Program Files\Unbound>dig ftp.internic.net <ftp://ftp.internic.net> 

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net <ftp://ftp.internic.net> 

;; global options: +cmd

;; connection timed out; no servers could be reached

 

Returned from DIG.

 

This carried on for some time until the response changed from the above to:

 

C:\Program Files\Unbound>dig ftp.internic.net <ftp://ftp.internic.net> 

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net <ftp://ftp.internic.net> 

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;ftp.internic.net.              IN      A

 

;; Query time: 0 msec

;; SERVER: ::1#53(::1)

;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018

;; MSG SIZE  rcvd: 45

 

And then a bit later on I got:

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net <ftp://ftp.internic.net> 

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;ftp.internic.net.              IN      A

 

;; ANSWER SECTION:

ftp.internic.net <ftp://ftp.internic.net> .       1035    IN      CNAME
internicftp.vip.icann.org.

internicftp.vip.icann.org. 1036 IN      A       192.0.47.9

 

;; Query time: 31 msec

;; SERVER: ::1#53(::1)

;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018

;; MSG SIZE  rcvd: 100

 

The log is some 2.2MB so I did not want to attach is to this post

 

Here are what I hope are some salient clues from the log:

 

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
validator operate: query c.gtld-servers.net. A IN

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
querying for next missing target

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
validator operate: query c.gtld-servers.net. A IN

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
validator: nextmodule returned

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
cannot validate non-answer, rcode SERVFAIL

 

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has dependency depth of 5

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has exceeded the maximum dependency depth with depth of 5

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has exceeded the maximum number of sends with 33

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

>From the configuration file:

 

                # Enable IPv4, "yes" or "no".

                do-ip4: yes

 

                # Enable IPv6, "yes" or "no".

                do-ip6: yes

 

                # Enable UDP, "yes" or "no".

                do-udp: yes

 

                # Enable TCP, "yes" or "no".

                do-tcp: no

 

I also notice some of these lines in the log but TCP is not enabled?:

 

02/08/2018 15:19:56 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp
error for address ip4 199.254.50.1 port 53 (len 16)

02/08/2018 15:21:08 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp
error for address ip6 2620:74:19::33 port 53 (len 28)

 

Any thoughts?

 

Regards

Ray

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180802/250c31ed/attachment.htm>

More information about the Unbound-users mailing list