Unbound reply with an empty A record, can it be converted to SERVFAIL?
Ralph Dolmans
ralph at nlnetlabs.nl
Tue Jan 22 13:39:34 UTC 2019
Hi Eliezer,
I am not sure what you mean by empty A records. Unbound will already
return a SERVFAIL answer if it is not able to contact upstream, which
seems to be your desired behavior.
-- Ralph
On 20-01-19 20:19, Eliezer Croitoru via Unbound-users wrote:
> Hey,
>
> I have couple DNS servers In my network and I do not know how to handle this
> specific issue.
> The client server uses Dnsmasq as a DNS proxy and the upstream servers are
> two unbound servers.
> Last week for some reason the network traffic of one of the unbound
> recursive servers was severed to the outer world.
> 1 - ...53
> 2 - ...153
>
> Dnsmasq - ...51
>
> In turn dnsmasq ran a query against the second unbound service ...153 and
> for some reason it returned an empty A record for every request.
>>From dnsmasq point of view it's a valid response and there for do not run
> another query against server 2 ...53 .
> I would prefer that a SERVFAIL or another way Dnsmasq will be notified that
> this specific unbound instance cannot answer the query.
> If dnsmasq will know that fact it will retry against the next server.
>
> Any recommendations are more than welcome.
>
> Thanks,
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
More information about the Unbound-users
mailing list