Disabling TCP use causes issues?
RayG
rgsub1 at btinternet.com
Fri Aug 3 15:43:57 UTC 2018
Hello Petr,
OK thanks for that info - I re-enabled it anyway so things worked. 😊
Two things arise here then:
1). If TCP is disabled then why is unbound trying to use it? (But irrelevant really.)
2). Perhaps the more relevant one is: If TCP & UDP are required for full functionality, do we need the options in the configuration file in the first place?
# Enable UDP, "yes" or "no".
do-udp: yes
# Enable TCP, "yes" or "no".
do-tcp: yes
Perhaps they should both be removed if it is mandatory.
Regards
Ray
-----Original Message-----
From: Petr Špaček <petr.spacek at nic.cz>
Sent: 02 August 2018 16:53
To: unbound-users at unbound.net
Subject: Re: Disabling TCP use causes issues?
Hello Ray,
in general TCP is mandatory for proper DNS operation so I would recommend you not to waste time on non-TCP DNS. It will just break in various situations as you saw yourself.
Please see standard
https://tools.ietf.org/html/rfc7766
which reinforces the mandate for TCP support in DNS:
DNS Transport over TCP - Implementation Requirements
Abstract
This document specifies the requirement for support of TCP as a
transport protocol for DNS implementations and provides guidelines ..
1. Introduction
This document therefore updates the core DNS protocol specifications
such that support for TCP is henceforth a REQUIRED part of a full DNS
protocol implementation.
..
I hope it clarifies the state of DNS in 2018.
Petr Špaček @ CZ.NIC
On 2.8.2018 17:15, RayG via Unbound-users wrote:
> I decided to try using unbound without enabling TCP so I set “do-tcp: no”
>
> Then I was using the program I have to copy over the settings file and
> this includes obtaining any updated roots.hints file from
> ftp.internic.net as “ftp://ftp.internic.net/domain/named.cache”
>
> However, when I ran the program I was not able, for some time, to reach
> the site.
>
> I enabled verbose level 4 and I have a log from:
>
> 02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info: start of service (unbound 1.7.4_20180716).
>
> At the start I was getting:
>
> C:\Program Files\Unbound>dig ftp.internic.net
>
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> Returned from DIG.
>
> This carried on for some time until the response changed from the above to:
>
> C:\Program Files\Unbound>dig ftp.internic.net
>
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ftp.internic.net. IN A
>
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018
> ;; MSG SIZE rcvd: 45
>
> And then a bit later on I got:
>
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ftp.internic.net. IN A
>
> ;; ANSWER SECTION:
> ftp.internic.net. 1035 IN CNAME internicftp.vip.icann.org.
> internicftp.vip.icann.org. 1036 IN A 192.0.47.9
>
> ;; Query time: 31 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018
> ;; MSG SIZE rcvd: 100
>
> The log is some 2.2MB so I did not want to attach it to this post
>
> Here are what I hope are some salient clues from the log:
>
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info: validator operate: query c.gtld-servers.net. A IN
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: querying for next missing target
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
>
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info: validator operate: query c.gtld-servers.net. A IN
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: validator: nextmodule returned
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: cannot validate non-answer, rcode SERVFAIL
>
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has dependency depth of 5
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum dependency depth with depth of 5
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
>
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum number of sends with 33
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
>
> From the configuration file:
>
> # Enable IPv4, "yes" or "no".
> do-ip4: yes
>
> # Enable IPv6, "yes" or "no".
> do-ip6: yes
>
> # Enable UDP, "yes" or "no".
> do-udp: yes
>
> # Enable TCP, "yes" or "no".
> do-tcp: no
>
> I also notice some of these lines in the log but TCP is not enabled?:
>
> 02/08/2018 15:19:56 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip4 199.254.50.1 port 53 (len 16)
> 02/08/2018 15:21:08 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip6 2620:74:19::33 port 53 (len 28)
>
> Any thoughts?
>
> Regards
>
> Ray
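An added illustration, not part of the thread and not Unbound code: the Python sketch below shows one mechanism behind the TCP requirement discussed above. A UDP response with the TC (truncated) header bit set has to be retried over TCP, where every DNS message carries a two-byte length prefix. The sample bytes are constructed, and `probe()` with its default server address `127.0.0.1` is a hypothetical helper for checking a resolver you operate.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RD set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True if the header has TC set, i.e. the answer did not fit in UDP."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_BIT)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with its length (2 bytes, big-endian)."""
    return struct.pack("!H", len(message)) + message

def read_tcp_message(sock):
    """Read one length-prefixed DNS message from a connected TCP socket."""
    stream = sock.makefile("rb")
    prefix = stream.read(2)
    if len(prefix) != 2:
        raise ConnectionError("peer closed before the length prefix")
    return stream.read(struct.unpack("!H", prefix)[0])

def probe(name, server="127.0.0.1", port=53, timeout=3.0):
    """Query over UDP, retry over TCP on truncation; returns (transport, reply)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, port))
        response, _ = udp.recvfrom(4096)
    if not is_truncated(response):
        return "udp", response
    # Without TCP the client is stuck here with an incomplete answer.
    with socket.create_connection((server, port), timeout=timeout) as tcp:
        tcp.sendall(frame_for_tcp(query))
        return "tcp", read_tcp_message(tcp)

# Constructed sample: response header with QR, TC, RD and RA set, no records.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```
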