Unbound randomly fails to resolve names

RayG rgsub1 at btinternet.com
Tue Jul 21 11:26:56 UTC 2020


Hi George, Oliver, Andi,

@George: Thanks for your reply.

I have made the adjustment we will see how it goes.

But as Oliver Psotta says at https://calomel.org/unbound_dns.html there are good reasons for having it enabled.

Also on the page: https://www.grc.com/dns/dns.htm there is a "Spoofabity" test which also suggests having mixed case is good.

There are also the TCP Errors e.g.:
21/07/2020 11:15:01 C:\Program Files\Unbound\unbound.exe[16308:0] debug: tcp error for address 1.0.0.1 port 853
These are unexplained so far as are some of the other entries like:
21/07/2020 10:41:40 C:\Program Files\Unbound\unbound.exe[16308:0] debug: request E.ROOT-SERVERS.NET. has exceeded the maximum number of glue fetches 65
21/07/2020 10:41:40 C:\Program Files\Unbound\unbound.exe[16308:0] debug: return error response SERVFAIL
And
21/07/2020 10:41:40 C:\Program Files\Unbound\unbound.exe[16308:0] debug: request has exceeded the maximum  number of nxdomain nameserver lookups with 13
21/07/2020 10:41:40 C:\Program Files\Unbound\unbound.exe[16308:0] debug: return error response SERVFAIL

All of which are still occurring, should they be happening?

Also I have been able to look back at some of my backup images these were all running the same way as currently and the event log messages like:

Level	Date and Time	Source	Event ID	Task Category
Warning	16/07/2020 15:48:44	Microsoft-Windows-DNS-Client	1014 (1014)	Name resolution for the name enews.synology.com timed out after none of the configured DNS servers responded.

Are present.

These started occurring after the release of V1.9.4. The event log on that backup image (which I am able to run as a virtual machine) did not contain any of the above errors.
So V1.9.4 was OK

Unfortunately between the above VM and the next one I can run there was V1.9.5 and the download file for that was dated at 19/11/2019
V1.9.6. download date was 12/12/2019 I can say that the above type of errors started appearing just after V1.9.5 was downloaded. I normally install the new version on the same day that I download it. So something happened somewhere between V1.9.4 and V1.9.5 and has been the same ever since. 

I hope that helps.

Thanks for any further information/comments

Ray
-----Original Message-----
From: George Thessalonikefs <george at nlnetlabs.nl> 
Sent: 20 July 2020 15:09
To: unbound-users at lists.nlnetlabs.nl
Subject: Re: Unbound randomly fails to resolve names

Hi Ray, Andi,

I see from Ray's log that use-caps-for-id: is enabled.
I also see that the forwarding resolvers used seem to have an issue with
0x20 replies (use-caps-for-id related).

For example:
When unbound asks for an.ExaMple.domAin.NeT and the record is not cached in the forwarder, the answer will contain the correct case.
Afterwards, when the answer is cached, the wrong casing (always
lowercase) will be used, and until the TTL expires I assume. This results in a mismatch between query and reply if use-caps-for-id is used.

Unbound's fallback may or may not help at that time. From your log I see that the fallback does not help (returns SERVFAIL after some further
tries) and consecutive queries try without 0x20.

I will try to reach the people involved but for now turning off use-caps-for-id should help.

Let us know how it goes.

Best regards,
-- George




More information about the Unbound-users mailing list