Unbound not giving ANSWER SECTION for some hosts
Wouter Wijngaards
wouter at nlnetlabs.nl
Thu Jul 19 12:04:33 UTC 2018
Hi Oliver,
I see that this is a referral. The upstream service does not resolve
github properly and this is what they return for that query? Unbound
will then accept it and store it (I can imagine that this changed
between the older version and today), but it looks like this is
something that the forward-zone addresses are returning wrongly.
Best regards, Wouter
On 19/07/18 13:38, Oliver Psotta via Unbound-users wrote:
> Hi all,
>
> I have the problem with Unbound Version 1.7.3, compiled on FreeBSD 11.2,
> that it won't give the ANSWER SECTION for some hosts, like github.com.
>
>
> For most hosts it will resolve properly and give this for example:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>
> But for github.com it will give this:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57234
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;github.com. IN A
>
> ;; AUTHORITY SECTION:
> github.com. 169039 IN NS ns-1707.awsdns-21.co.uk.
> github.com. 169039 IN NS ns-1283.awsdns-32.org.
> github.com. 169039 IN NS ns4.p16.dynect.net.
> github.com. 169039 IN NS ns2.p16.dynect.net.
> github.com. 169039 IN NS ns-421.awsdns-52.com.
> github.com. 169039 IN NS ns1.p16.dynect.net.
> github.com. 169039 IN NS ns3.p16.dynect.net.
> github.com. 169039 IN NS ns-520.awsdns-01.net.
>
> ;; ADDITIONAL SECTION:
> ns1.p16.dynect.net. 43283 IN A 208.78.70.16
> ns2.p16.dynect.net. 80767 IN A 204.13.250.16
> ns3.p16.dynect.net. 80767 IN A 208.78.71.16
> ns4.p16.dynect.net. 80767 IN A 204.13.251.16
> ns-421.awsdns-52.com. 80479 IN A 205.251.193.165
> ns-520.awsdns-01.net. 80479 IN A 205.251.194.8
> ns-1707.awsdns-21.co.uk. 80479 IN A 205.251.198.171
> ns-1707.awsdns-21.co.uk. 166614 IN AAAA 2600:9000:5306:ab00::1
>
> ;; Query time: 179 msec
> ;; SERVER: 192.168.20.38#53(192.168.20.38)
> ;; WHEN: Thu Jul 19 12:43:36 CEST 2018
> ;; MSG SIZE rcvd: 399
>
>
> The unbound.conf is simple enough:
> server:
> interface: 0.0.0.0
> access-control: 192.168.20.0/8 allow
> access-control: 192.168.179.0/8 allow
> private-address: 192.168.20.0/8
> private-address: 192.168.179.0/8
> verbosity: 1
>
> forward-zone:
> name: "."
> forward-addr: 85.214.20.141 # Digitalcourage
> forward-addr: 46.182.19.48 # Digitalcourage
> forward-addr: 194.150.168.168 # AS250.net Foundation
>
>
> This looks like a bug, for this unbound.conf works properly with
> Unbound Version 1.5.10 on the same machine.
>
> Hints to solve that are appreciated. Thanks!
>
> Best regards
> Oliver
More information about the Unbound-users
mailing list