auth-zones and DNS NOTIFY

Eric Luehrsen ericluehrsen at gmail.com
Sun Jun 3 12:05:04 UTC 2018 

On 06/02/2018 10:44 AM, Harry Schmalzbauer via Unbound-users wrote:
> Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:
>> Hi Harry,
>>
>> Yes, DNS NOTIFY is implemented in the current code repo version.  You
>> can specify additional sources with allow-notify.
> 
> Great, thanks a lot!.
> Found time to update some production systems, but unfortunately zone 
> transfer seem to work only initially, then I see these messages logged:
> unbound: [14927:0] error: ./services/authzone.c at 6102 could not 
> pthread_mutex_lock(&xfr->lock): Resource deadlock avoided
> unbound: [14927:0] error: ./services/authzone.c at 3454 could not 
> pthread_mutex_lock(&xfr->lock): Resource deadlock avoided
>> 
> Increasing log level to 3 doesn't show more useful.
> 
> After the error occurs, unbound returns "error response SERVFAIL" for 
> all queries which match stub-zones: and all quieries matching 
> auth-zones: get the old records (no xfer any more).
> 
> Any idea where the problem could come from?
> Will try to make all stub-zones auth-zones and see if that changes 
> anything....

Repeat by testing with auth-zone as a prefetch for root seems to yield 
similar results after 12 to 24 hours.

LOG
unbound: [18768:0] error: can't bind socket: Permission denied for ::

CONF
auth-zone:
   name: "."
   master: "lax.xfr.dns.icann.org"
   master: "iad.xfr.dns.icann.org"
   url: "http://www.internic.net/domain/root.zone"
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
   zonefile: "root.zone"

auth-zone:
   name: "arpa"
   master: "lax.xfr.dns.icann.org"
   master: "iad.xfr.dns.icann.org"
   url: "http://www.internic.net/domain/arpa.zone"
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
   zonefile: "arpa.zone"

auth-zone:
   name: "in-addr.arpa"
   master: "lax.xfr.dns.icann.org"
   master: "iad.xfr.dns.icann.org"
   url: "http://www.internic.net/domain/in-addr.arpa.zone"
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
   zonefile: "in-addr.arpa.zone"

auth-zone:
   name: "ip6.arpa"
   master: "lax.xfr.dns.icann.org"
   master: "iad.xfr.dns.icann.org"
   url: "http://www.internic.net/domain/ip6.arpa.zone"
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
   zonefile: "ip6.arpa.zone"

More information about the Unbound-users mailing list