Strange failure on XN--MGBA3A4F16A.
Paul Wouters
paul at nohats.ca
Thu May 16 18:53:35 UTC 2019
On Thu, 16 May 2019, John Levine via Unbound-users wrote:
> Date: Thu, 16 May 2019 14:36:27
> From: John Levine via Unbound-users <unbound-users at nlnetlabs.nl>
> To: unbound-users at nlnetlabs.nl
> Subject: Strange failure on XN--MGBA3A4F16A.
>
> I'm running unbound 1.9.1 from the FreeBSD package. I have dnssec
> validation turned on.
>
> When I try to look up the XN--MGBA3A4F16A. TLD, after a delay I get
> SERVFAIL.
Same for unbound 1.8.3, without running a local root.
A restart with enabled verbosity to see what's going on, of
course worked like a charm :/
Note the TTL is pretty short (1440, did someone confuse MTU for TTL?)
Manual checking:
# dig ns XN--MGBA3A4F16A. @a.nic.ir. time out
# dig ns XN--MGBA3A4F16A. @b.nic.ir. SERVFAIL,
# dig ns XN--MGBA3A4F16A. @ir.cctld.authdns.ripe.net. works.
I guess unbound's detection, in combination with the short TTL and
2 out of 3 failing servers, is causing this. But in theory, unbound
should be able to get a hold of this domain properly.....
Paul
More information about the Unbound-users
mailing list