Unbound randomly fails to resolve names

Oliver Psotta oliver.psotta at posteo.de
Mon Jul 20 18:50:58 UTC 2020


Hi George,

I'm also suffering from this strange fail -- since years.
It's become noticeable better with 1.9.x though.

Ususally, if the result is not in the cache, it takes a minute or two
to finally get the resolution. Not sure if it's become better with the
update or with changing dns servers. It happens randomly, even with
common domains, and not too often.

My unbound.conf also uses "use-caps-for-id: yes", because of this guide:
https://calomel.org/unbound_dns.html

I'm following with interest if this was the cause! ;-)

Best Regards
Oliver


On Mon, 20 Jul 2020 16:08:44 +0200
George Thessalonikefs via Unbound-users
<unbound-users at lists.nlnetlabs.nl> wrote:

> Hi Ray, Andi,
> 
> I see from Ray's log that use-caps-for-id: is enabled.
> I also see that the forwarding resolvers used seem to have an issue
> with 0x20 replies (use-caps-for-id related).
> 
> For example:
> When unbound asks for an.ExaMple.domAin.NeT and the record is not
> cached in the forwarder, the answer will contain the correct case.
> Afterwards, when the answer is cached, the wrong casing (always
> lowercase) will be used, and until the TTL expires I assume. This
> results in a mismatch between query and reply if use-caps-for-id is
> used.
> 
> Unbound's fallback may or may not help at that time. From your log I
> see that the fallback does not help (returns SERVFAIL after some
> further tries) and consecutive queries try without 0x20.
> 
> I will try to reach the people involved but for now turning off
> use-caps-for-id should help.
> 
> Let us know how it goes.
> 
> Best regards,
> -- George
> 
>


More information about the Unbound-users mailing list