Unbound reply with an empty A record, can it be converted to SERVFAIL?

Eliezer Croitoru eliezer at ngtech.co.il
Sun Jan 20 19:19:55 UTC 2019


Hey,

I have couple DNS servers In my network and I do not know how to handle this
specific issue.
The client server uses Dnsmasq as a DNS proxy and the upstream servers are
two unbound servers.
Last week for some reason the network traffic of one of the unbound
recursive servers was severed to the outer world.
1 - ...53
2 - ...153

Dnsmasq  - ...51

In turn dnsmasq ran a query against the second unbound service ...153 and
for some reason it returned an empty A record for every request.
>From dnsmasq point of view it's a valid response and there for do not run
another query against server 2 ...53 .
I would prefer that a SERVFAIL or another way Dnsmasq will be notified that
this specific unbound instance cannot answer the query.
If dnsmasq will know that fact it will retry against the next server.

Any recommendations are more than welcome.

Thanks,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il






More information about the Unbound-users mailing list