Unbound not giving ANSWER SECTION for some hosts

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Jul 19 12:04:33 UTC 2018


Hi Oliver,

I see that this is a referral.  The upstream service does not resolve
github properly and this is what they return for that query?  Unbound
will then accept it and store it (I can imagine that this changed
between the older version and today), but it looks like this is
something that the forward-zone addresses are returning wrongly.

Best regards, Wouter


On 19/07/18 13:38, Oliver Psotta via Unbound-users wrote:
> Hi all,
>
> I have the problem with Unbound Version 1.7.3, compiled on FreeBSD 11.2,
> that it won't give the ANSWER SECTION for some hosts, like github.com.
>
>
> For most hosts it will resolve properly and give this for example:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>
> But for github.com it will give this:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57234
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;github.com.			IN	A
>
> ;; AUTHORITY SECTION:
> github.com.		169039	IN	NS	ns-1707.awsdns-21.co.uk.
> github.com.		169039	IN	NS	ns-1283.awsdns-32.org.
> github.com.		169039	IN	NS	ns4.p16.dynect.net.
> github.com.		169039	IN	NS	ns2.p16.dynect.net.
> github.com.		169039	IN	NS	ns-421.awsdns-52.com.
> github.com.		169039	IN	NS	ns1.p16.dynect.net.
> github.com.		169039	IN	NS	ns3.p16.dynect.net.
> github.com.		169039	IN	NS	ns-520.awsdns-01.net.
>
> ;; ADDITIONAL SECTION:
> ns1.p16.dynect.net.	43283	IN	A	208.78.70.16
> ns2.p16.dynect.net.	80767	IN	A	204.13.250.16
> ns3.p16.dynect.net.	80767	IN	A	208.78.71.16
> ns4.p16.dynect.net.	80767	IN	A	204.13.251.16
> ns-421.awsdns-52.com.	80479	IN	A	205.251.193.165
> ns-520.awsdns-01.net.	80479	IN	A	205.251.194.8
> ns-1707.awsdns-21.co.uk. 80479	IN	A	205.251.198.171
> ns-1707.awsdns-21.co.uk. 166614	IN	AAAA	2600:9000:5306:ab00::1
>
> ;; Query time: 179 msec
> ;; SERVER: 192.168.20.38#53(192.168.20.38)
> ;; WHEN: Thu Jul 19 12:43:36 CEST 2018
> ;; MSG SIZE  rcvd: 399
>
>
> The unbound.conf is simple enough:
> server:
> 	interface: 0.0.0.0
> 	access-control: 192.168.20.0/8 allow 
> 	access-control: 192.168.179.0/8 allow 
> 	private-address: 192.168.20.0/8
> 	private-address: 192.168.179.0/8
> 	verbosity: 1
>
> forward-zone:
> 	name: "."
> 	forward-addr: 85.214.20.141		# Digitalcourage
> 	forward-addr: 46.182.19.48		# Digitalcourage
> 	forward-addr: 194.150.168.168	# AS250.net Foundation
>
>
> This looks like a bug, for this unbound.conf works properly with
> Unbound Version 1.5.10 on the same machine.
>
> Hints to solve that are appreciated. Thanks!
>
> Best regards
> Oliver





More information about the Unbound-users mailing list