NS “poison”?

Felipe Gasper felipe at felipegasper.com
Sun May 19 11:46:53 UTC 2019


	We’re looking to replace our “home-grown” DNS resolver with libunbound, and I’m seeing an issue that concerns me.

	When I query on [myaddon1.cpanelssltest.org/A], libunbound gives me a quick response.

	But if I query on [cpanelssltest.org/NS], then from the same context query [myaddon1.cpanelssltest.org/A], libunbound hangs. An strace shows that it’s sending queries to two unresponsive DNS servers (ns1.cpanel.net and ns2.cpanel.net) back and forth.

	Eventually all of this does time out. But it takes several minutes. Is there a control in libunbound’s configuration that would mitigate the long delay?

	I realize the DNS configuration is invalid, but because they’re under users’ control, DNS misconfigurations are a fact of life for us. A delay of several minutes could cause significant issues for us.

	Any insight or tips would be welcome. Thank you in advance!

-Felipe Gasper
Mississauga, Ontario

More information about the Unbound-users mailing list