Help about TLD not working

Paulo Roberto Tomasi pztomasi at gmail.com
Tue Mar 2 21:37:54 UTC 2021 

Hi,

It seems it's something related to IPv4 connectivity

My CIDR prefixes are not being delivered to destination via BGP (upstream
failure)

This way responses from authoritative servers of nfs-e.net domain doesn't
return to local unbound

- - -

Why I'm saying this:

unbound:~# dig www.nfs-e.net

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.nfs-e.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15680
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nfs-e.net.                 IN      A

;; ANSWER SECTION:
www.nfs-e.net.          900     IN      A       177.11.21.10

;; AUTHORITY SECTION:
nfs-e.net.              3600    IN      NS      darwin.nfs-e.net.
nfs-e.net.              3600    IN      NS      ns2.nfs-e.net.
nfs-e.net.              3600    IN      NS      ns1.nfs-e.net.

;; ADDITIONAL SECTION:
ns1.nfs-e.net.          3600    IN      A       177.11.20.10
ns2.nfs-e.net.          3600    IN      A       177.11.20.20
darwin.nfs-e.net.       3600    IN      A       189.28.42.146

;; Query time: 4011 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 02 17:29:25 -04 2021
;; MSG SIZE  rcvd: 163

After I changed BGP announcements to another upstream, servers 177.11.20.10
/ 177.11.20.20 and 189.28.42.146 were able to answer my dig requests

Now I need to convince upstream provider to fix propagation of my public
prefixes

Thank you for your attention

Em ter., 2 de mar. de 2021 às 17:23, Chriztoffer Hansen <ch at ntrv.dk>
escreveu:

> On Tue, 2 Mar 2021 at 21:54, Paulo Roberto Tomasi via Unbound-users
> <unbound-users at lists.nlnetlabs.nl> wrote:
> > Is there any verbose form of dig tool to give me a hint of what's
> happening when/where fail occurs?
>
> How is your authoritative set-up done? Same machine(s) with different
> public IP's?
>
> NSD/Coredns/PowerDNS/BIND as the authoritative DNS server? And unbound
> as a forwarder?
>
> --
> Chriztoffer
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20210302/99fe271f/attachment-0001.htm>

More information about the Unbound-users mailing list