RE: Disabling TCP use causes issues?

2018-08-03 Thread RayG via Unbound-users
Hello Petr,

OK thanks for that info - I re-enabled it anyway so things worked. 
 
Two things arise here then:
 
1) If TCP is disabled then why is unbound trying to use it? (But irrelevant 
really.)
 
2) Perhaps the more relevant one is: if TCP & UDP are required for full 
functionality, do we need the options in the configuration file in the first 
place?
 
# Enable UDP, "yes" or "no".
do-udp: yes
 
# Enable TCP, "yes" or "no".
do-tcp: yes
 
Perhaps they should both be removed if it is mandatory.

Regards
Ray




-----Original Message-----
From: Petr Špaček  
Sent: 02 August 2018 16:53
To: unbound-users@unbound.net
Subject: Re: Disabling TCP use causes issues?

Hello Ray,

in general TCP is mandatory for proper DNS operation so I would recommend you 
not to waste time on non-TCP DNS. It will just break in various situations as 
you saw yourself.


Please see the standard
https://tools.ietf.org/html/rfc7766
which reinforces the mandate for TCP support in DNS:


  DNS Transport over TCP - Implementation Requirements

Abstract

   This document specifies the requirement for support of TCP as a
   transport protocol for DNS implementations and provides guidelines ..


1.  Introduction

   This document therefore updates the core DNS protocol specifications
   such that support for TCP is henceforth a REQUIRED part of a full DNS
   protocol implementation.

..

I hope it clarifies the state of DNS in 2018.

Petr Špaček  @  CZ.NIC


On 2.8.2018 17:15, RayG via Unbound-users wrote:
> I decided to try using unbound without enabling TCP so I set “do-tcp: no”
> 
>  
> 
> Then I was using the program I have to copy over the settings file and 
> this includes obtaining any updated roots.hints file from 
> ftp.internic.net as
> “ftp://ftp.internic.net/domain/named.cache”
> 
>  
> 
> However when I ran the program I was not able for some time, to reach 
> the site.
> 
>  
> 
> I enabled verbose level 4 and I have a log from:
> 
>  
> 
> 02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info:
> start of service (unbound 1.7.4_20180716).
> 
>  
> 
> At the start I was getting:
> 
>  
> 
> C:\Program Files\Unbound>dig ftp.internic.net
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> 
> ;; global options: +cmd
> 
> ;; connection timed out; no servers could be reached
> 
>  
> 
> Returned from DIG.
> 
>  
> 
> This carried on for some time until the response changed from the above to:
> 
>  
> 
> C:\Program Files\Unbound>dig ftp.internic.net
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
>  
> 
> ;; OPT PSEUDOSECTION:
> 
> ; EDNS: version: 0, flags:; udp: 4096
> 
> ;; QUESTION SECTION:
> 
> ;ftp.internic.net.  IN  A
> 
>  
> 
> ;; Query time: 0 msec
> 
> ;; SERVER: ::1#53(::1)
> 
> ;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018
> 
> ;; MSG SIZE  rcvd: 45
> 
>  
> 
> And then a bit later on I got:
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661
> 
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> 
>  
> 
> ;; OPT PSEUDOSECTION:
> 
> ; EDNS: version: 0, flags:; udp: 4096
> 
> ;; QUESTION SECTION:
> 
> ;ftp.internic.net.  IN  A
> 
>  
> 
> ;; ANSWER SECTION:
> 
> ftp.internic.net.   1035    IN  CNAME   internicftp.vip.icann.org.
> 
> internicftp.vip.icann.org. 1036 IN  A   192.0.47.9
> 
>  
> 
> ;; Query time: 31 msec
> 
> ;; SERVER: ::1#53(::1)
> 
> ;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018
> 
> ;; MSG SIZE  rcvd: 100
> 
>  
> 
> The log is some 2.2MB so I did not want to attach it to this post
> 
>  
> 
> Here are what I hope are some salient clues from the log:
> 
>  
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
> validator operate: query c.gtld-servers.net. A IN
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> querying for next missing ta

Re: Disabling TCP use causes issues?

2018-08-02 Thread Petr Špaček via Unbound-users
Hello Ray,

in general TCP is mandatory for proper DNS operation so I would
recommend you not to waste time on non-TCP DNS. It will just break in
various situations as you saw yourself.


Please see the standard
https://tools.ietf.org/html/rfc7766
which reinforces the mandate for TCP support in DNS:


  DNS Transport over TCP - Implementation Requirements

Abstract

   This document specifies the requirement for support of TCP as a
   transport protocol for DNS implementations and provides guidelines
...


1.  Introduction

   This document therefore updates the core DNS protocol specifications
   such that support for TCP is henceforth a REQUIRED part of a full DNS
   protocol implementation.

...

I hope it clarifies the state of DNS in 2018.

Petr Špaček  @  CZ.NIC


On 2.8.2018 17:15, RayG via Unbound-users wrote:
> I decided to try using unbound without enabling TCP so I set “do-tcp: no”
> 
>  
> 
> Then I was using the program I have to copy over the settings file and
> this includes obtaining any updated roots.hints file from
> ftp.internic.net as
> “ftp://ftp.internic.net/domain/named.cache”
> 
>  
> 
> However when I ran the program I was not able for some time, to reach
> the site.
> 
>  
> 
> I enabled verbose level 4 and I have a log from:
> 
>  
> 
> 02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info:
> start of service (unbound 1.7.4_20180716).
> 
>  
> 
> At the start I was getting:
> 
>  
> 
> C:\Program Files\Unbound>dig ftp.internic.net 
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net 
> 
> ;; global options: +cmd
> 
> ;; connection timed out; no servers could be reached
> 
>  
> 
> Returned from DIG.
> 
>  
> 
> This carried on for some time until the response changed from the above to:
> 
>  
> 
> C:\Program Files\Unbound>dig ftp.internic.net 
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net 
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
>  
> 
> ;; OPT PSEUDOSECTION:
> 
> ; EDNS: version: 0, flags:; udp: 4096
> 
> ;; QUESTION SECTION:
> 
> ;ftp.internic.net.  IN  A
> 
>  
> 
> ;; Query time: 0 msec
> 
> ;; SERVER: ::1#53(::1)
> 
> ;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018
> 
> ;; MSG SIZE  rcvd: 45
> 
>  
> 
> And then a bit later on I got:
> 
>  
> 
> ; <<>> DiG 9.12.2 <<>> ftp.internic.net 
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661
> 
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> 
>  
> 
> ;; OPT PSEUDOSECTION:
> 
> ; EDNS: version: 0, flags:; udp: 4096
> 
> ;; QUESTION SECTION:
> 
> ;ftp.internic.net.  IN  A
> 
>  
> 
> ;; ANSWER SECTION:
> 
> ftp.internic.net.   1035    IN  CNAME   internicftp.vip.icann.org.
> 
> internicftp.vip.icann.org. 1036 IN  A   192.0.47.9
> 
>  
> 
> ;; Query time: 31 msec
> 
> ;; SERVER: ::1#53(::1)
> 
> ;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018
> 
> ;; MSG SIZE  rcvd: 100
> 
>  
> 
> The log is some 2.2MB so I did not want to attach it to this post
> 
>  
> 
> Here are what I hope are some salient clues from the log:
> 
>  
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
> validator operate: query c.gtld-servers.net. A IN
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> querying for next missing target
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> return error response SERVFAIL
> 
>  
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
> validator operate: query c.gtld-servers.net. A IN
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> validator: nextmodule returned
> 
> 02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> cannot validate non-answer, rcode SERVFAIL
> 
>  
> 
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> request has dependency depth of 5
> 
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> request has exceeded the maximum dependency depth with depth of 5
> 
> 02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> return error response SERVFAIL
> 
>  
> 
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33
> 
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> request has exceeded the maximum number of sends with 33
> 
> 02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
> return error response SERVFAIL
> 
>  
> 
> From the configuration file:
> 
>  
> 
>     # 
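
As background to the RFC 7766 requirement cited in this reply, here is an added example that is not part of the thread and not Unbound's code. It shows the standard UDP-to-TCP fallback: a UDP response with the TC (truncated) bit set has to be retried over TCP, where each message carries a two-byte length prefix. The function names are illustrative and the sample response is constructed.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(name, qtype=1, msg_id=0x1234):
    """Encode a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True when the TC bit is set, i.e. the answer did not fit in UDP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes every message with a two-byte length field."""
    if len(message) > 0xFFFF:
        raise ValueError("message too large for the length prefix")
    return struct.pack("!H", len(message)) + message

def tcp_unframe(stream):
    """Split a TCP byte stream into DNS messages; return any partial tail."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # message not fully received yet
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

def next_step(udp_response, tcp_enabled):
    """What a client can do after receiving a UDP response."""
    if not is_truncated(udp_response):
        return "use-udp-answer"
    return "retry-over-tcp" if tcp_enabled else "fail-no-complete-answer"

# Constructed sample: response header with QR, TC, RD and RA set, no records.
query = build_query("ftp.internic.net")
truncated = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + query[12:]
```
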

Disabling TCP use causes issues?

2018-08-02 Thread RayG via Unbound-users
I decided to try using unbound without enabling TCP so I set "do-tcp: no"

 

Then I was using the program I have to copy over the settings file and this
includes obtaining any updated roots.hints file from
ftp.internic.net as
"ftp://ftp.internic.net/domain/named.cache"

 

However when I ran the program I was not able for some time, to reach the
site.

 

I enabled verbose level 4 and I have a log from:

 

02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info: start
of service (unbound 1.7.4_20180716).

 

At the start I was getting:

 

C:\Program Files\Unbound>dig ftp.internic.net  

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net  

;; global options: +cmd

;; connection timed out; no servers could be reached

 

Returned from DIG.

 

This carried on for some time until the response changed from the above to:

 

C:\Program Files\Unbound>dig ftp.internic.net  

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net  

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;ftp.internic.net.  IN  A

 

;; Query time: 0 msec

;; SERVER: ::1#53(::1)

;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018

;; MSG SIZE  rcvd: 45

 

And then a bit later on I got:

 

; <<>> DiG 9.12.2 <<>> ftp.internic.net  

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;ftp.internic.net.  IN  A

 

;; ANSWER SECTION:

ftp.internic.net.   1035    IN  CNAME   internicftp.vip.icann.org.

internicftp.vip.icann.org. 1036 IN  A   192.0.47.9

 

;; Query time: 31 msec

;; SERVER: ::1#53(::1)

;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018

;; MSG SIZE  rcvd: 100

 

The log is some 2.2MB so I did not want to attach it to this post

 

Here are what I hope are some salient clues from the log:

 

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
validator operate: query c.gtld-servers.net. A IN

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
querying for next missing target

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info:
validator operate: query c.gtld-servers.net. A IN

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
validator: nextmodule returned

02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
cannot validate non-answer, rcode SERVFAIL

 

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has dependency depth of 5

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has exceeded the maximum dependency depth with depth of 5

02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
request has exceeded the maximum number of sends with 33

02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug:
return error response SERVFAIL

 

From the configuration file:

 

# Enable IPv4, "yes" or "no".

do-ip4: yes

 

# Enable IPv6, "yes" or "no".

do-ip6: yes

 

# Enable UDP, "yes" or "no".

do-udp: yes

 

# Enable TCP, "yes" or "no".

do-tcp: no

 

I also notice some of these lines in the log but TCP is not enabled?:

 

02/08/2018 15:19:56 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp
error for address ip4 199.254.50.1 port 53 (len 16)

02/08/2018 15:21:08 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp
error for address ip6 2620:74:19::33 port 53 (len 28)

 

Any thoughts?

 

Regards

Ray