1000s of "SERVFAIL . . . service.arpa" messages

Fri, 10 Jan 2025 11:22:18 -0800 

Hello,

Happy new year everyone!

Since the beginning of October 2024 I have been seeing lots of these messages:

```
Oct  2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL 
<default.service.arpa. SOA IN>: all the configured stub or forward servers 
failed, at zone . from 149.112.112.112 got SERVFAIL
Oct  2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL <service.arpa. SOA 
IN>: all the configured stub or forward servers failed, at zone . from 
149.112.112.11 got SERVFAIL
Oct  2 17:53:32 ipfire unbound: [15153:0] error: SERVFAIL 
<_matter._tcp.default.service.arpa. PTR IN>: all the configured stub or forward 
servers failed, at zone . from 9.9.9.11 got SERVFAIL
Oct  2 17:53:40 ipfire unbound: [15153:0] error: SERVFAIL 
<_L1234._sub._matterc._udp.default.service.arpa. SOA IN>: all the configured 
stub or forward servers failed, at zone . from 149.112.112.11 got SERVFAIL
Oct  2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL 
<_sub._matterc._udp.default.service.arpa. SOA IN>: all the configured stub or 
forward servers failed, at zone . from 9.9.9.11 got SERVFAIL
Oct  2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL 
<_matterc._udp.default.service.arpa. SOA IN>: all the configured stub or 
forward servers failed, at zone . from 149.112.112.112 got SERVFAIL
Oct  2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL 
<_udp.default.service.arpa. SOA IN>: all the configured stub or forward servers 
failed, at zone . from 149.112.112.11 got SERVFAIL
Oct  2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL 
<_1234._sub._matterc._udp.default.service.arpa. PTR IN>: all the configured 
stub or forward servers failed, at zone . from 9.9.9.11 got SERVFAIL
Oct  2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL 
<1234567890123456-1234567890123456._matter._tcp.default.service.arpa. SRV IN>: 
all the configured stub or forward servers failed, at zone . from 
149.112.112.112 got SERVFAIL
Oct  2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL 
<1234567890123456-1234567890123456._matter._tcp.default.service.arpa. TXT IN>: 
all the configured stub or forward servers failed, at zone . from 
149.112.112.112 got SERVFAIL
```

There are 1000s of these messages "SERVFAIL . . . service.arpa" every week and 
144,028 messages since Oct 2, 2024.  Best I can these are all local DNS lookups 
and they are failing an external DNS lookup for "service.arpa".

This happens with unbound 1.21.0 and persists with unbound 1.22.0.

And I believe this is related to this:
https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-srp-25#section-10.1


So my ask, to stop "service.arpa" from escaping my local network, can 
"service.arpa" be added to the unbound code as a Special Use Domain Name 
similar to "home.arpa"?  


Best regards,
Jon

Reply via email to