unbound fails to do reverse look ups
Carlo Wood
carlo at alinoe.com
Sat Oct 18 15:23:14 UTC 2025
Hi, thanks you for your reply.
The command
```
~>dig @f.in-addr-servers.arpa in-addr.arpa DNSKEY +dnssec +tcp +nosplit
+norecurse +mult ;; communications error to 193.0.9.1#53: end of file
;; communications error to 193.0.9.1#53: end of file
;; communications error to 193.0.9.1#53: end of file
; <<>> DiG 9.20.13 <<>> @f.in-addr-servers.arpa in-addr.arpa DNSKEY
+dnssec +tcp +nosplit +norecurse +mult ; (1 server found)
;; global options: +cmd
;; no servers could be reached
```
fails.
For your last command I get back:
```
~>dig @f.in-addr-servers.arpa. hostname.bind CH TXT +short "ns1.se-sto.authdns.ripe.net"
"ns2.pt-lis.authdns.ripe.net"
```
If this is indeed a firewall issue as Jan Komissar suggested then it
seems hard to find out which firewall that is :/. That is, I get an "end of file"
(it is pretty fast, not a real timeout). Aka, the connection is closed.
What packet should can I look at the closes the connection? Will that have
the address of the firewall, or address of the root server? I suspect the
latter, so that the only way to find out where this happens is with timing.
This is way above my pay grade however (to figure out what the "ping" is
using a +norecurse DNS query packet) :/...
Any ideas?
Carlo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20251018/08191a6e/attachment.bin>
More information about the Unbound-users
mailing list