resolving result is flapping

Havard Eidnes he at uninett.no
Tue Oct 4 14:22:36 UTC 2022


> unbound tries to resolv 60.67.194.188.in-addr.arpa/PTR.
> Even on an empty cache, I see two different answers:
...
> The nameserver hosting 194.188.in-addr.arpa. are not fully EDNS
> compliant: https://ednscomp.isc.org/ednscomp/13b0b744f8
> May this be the reason?

That's unlikely to be the reason.

> Is there anything I could configure to avoid the random NXDOMAIN?

Not certain, but doubtful.  This looks like a publication-side error,
and the fix for that belongs at the publication side.

Letting https://dnsviz.net/ process 60.67.194.188.in-addr.arpa reveals
that a query to either of these name servers:

194.188.in-addr.arpa. 86399 IN NS ns01.registrar.kabel-deutschland.de.
194.188.in-addr.arpa. 86399 IN NS ns02.registrar.kabel-deutschland.de.

for 67.194.188.in-addr.arpa returns NXDOMAIN, while a query for the
PTR of 60.67.194.188.in-addr.arpa gives the presumably intended
result:

60.67.194.188.in-addr.arpa. 86400 IN PTR ipbcc2433c.dynamic.kabel-deutschland.de.

NXDOMAIN is the wrong response to the 67.194.188.in-addr.arpa query,
as it is a signal to the querier not only that the queried-for name
doesn't exist, but also that there is nothing "deeper" in the naming
tree below this name (which isn't true, ref. the PTR response for the
full name).  The correct response would most probably have been an
empty NODATA reply to the 67.194.188.in-addr.arpa query, as according
to the above PTR result that name would be "an empty non-terminal
node" and not a "nonexistent node" in the naming tree.

The query for the 67.194.188.in-addr.arpa name may be the result of
query minimization, though I would not recommend or suggest that you
turn that off if it's already enabled (as this has privacy implications).

Regards,

- Håvard


More information about the Unbound-users mailing list