Getting SERVFAIL when trying to reach .co.il domains

Joe Abley jabley at hopcount.ca
Thu Dec 31 12:33:01 UTC 2020


Hi Gil,

On Dec 31, 2020, at 12:23, Gil Levy via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:

> The tail log of the SERVFAIL can be found here: https://textuploader.com/185f0


Unless I'm missing something, that log seems to be mainly (entirely?) messages from dnsmasq. You probably want to see log messages from unbound to shed light on the events leading up to the SERVFAIL that dnsmasq is receiving from localhost.

If I was to guess I'd say that you have a full set of servers for some zone or other that is causing trouble, e.g. sending repeated SERVFAIL responses or timing out, and unbound is putting them all in the penalty box.

The trick in that case will be to determine whether the problem is local (e.g. a broken firewall or persistent local routing problem for IPv6) or remote (e.g. your resolver or the subnet it's numbered in has been blacklisted for some reason). 

But this is just wild speculation; you should see what the logs say.

Happy New Year in advance :-)


Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20201231/e6ee8b50/attachment.htm>


More information about the Unbound-users mailing list