servfail for stub-zones
A. Schulze
sca at andreasschulze.de
Mon Jun 30 09:54:34 UTC 2025
Hello,
an unbound instance have this configuration to answer an dnsbl with
data from a local rbldnsd:
server:
domain-insecure: "zen.spamhaus.org."
stub-zone:
name: "zen.spamhaus.org."
stub-addr: 192.0.2.1
stub-addr: 192.0.2.2
Also, I've "log-replies: yes"
I do expect logs with NOERROR or NXDOMAIN reply_codes. But I also see
0.01% SERVFAIL.
That's what I do not understand. What could be a reason for unbound's
answer "SERVFAIL"?
The only reason I'm aware /could/ be the fact, that rbldnsd never
answer via TCP.
But as far as I know, I can't tell unbound "this stub servers are
reachable via UDP only"
Andreas
More information about the Unbound-users
mailing list