Unbound randomly fails to resolve names

[George Thessalonikefs]

Hi Ray, Andi,

I see from Ray's log that use-caps-for-id: is enabled.
I also see that the forwarding resolvers used seem to have an issue with
0x20 replies (use-caps-for-id related).

For example:
When unbound asks for an.ExaMple.domAin.NeT and the record is not cached
in the forwarder, the answer will contain the correct case.
Afterwards, when the answer is cached, the wrong casing (always
lowercase) will be used, and until the TTL expires I assume. This
results in a mismatch between query and reply if use-caps-for-id is used.

Unbound's fallback may or may not help at that time. From your log I see
that the fallback does not help (returns SERVFAIL after some further
tries) and consecutive queries try without 0x20.

I will try to reach the people involved but for now turning off
use-caps-for-id should help.

Let us know how it goes.

Best regards,
-- George

On 17/07/2020 23:40, Andi via Unbound-users wrote:
> 
> Zitat von RayG via Unbound-users <unbound-users at lists.nlnetlabs.nl>:
> 
>> I did as requested and sent things in plain text but I have still had no
>> response from anyone?
>>
>> This issue is causing me issues every day and I would just like to get it
>> resolved one way or another.
>>
>> Any help or suggestions as to why Unbound is failing randomly would be of
>> help.
>>
>> I should add that not every failure is caught by the event log. At least
>> this shows that the failures are for a wide range of addresses:
> 
> Me too. Maybe...
> 
> As of now (23:34) two unbound instances fail to resolve cloudflare.net
> NS and anything using it as DNS service.
> 
> A "dig @127.0.0.1 cloudflare.net NS" lead to no servers could be
> reached, "dig @h.gtld-servers.net cloudflare.net NS" is working as
> expected. Nothing in the unboud log, and some minutes later all is
> working as expected again? In one case it is Ubuntu 16.04 with unbound
> 1.5.8, the other one unbound 1.6.7 both validating DNSSEC.
> 
> Regards
> 
> Andi
> 
> 
>