Hello,
I’ve noticed that unbound (1.9.3, built from source) indicates SERVFAIL
in response to a cpfoo.com/NS query. (unbound-host -t NS cpfoo.com)
This same query returns a result from `dig +trace`.
Apparently unbound is doing:
./NS - to the root servers
com./A - to the root servers
cpfoo.com./A - to *.gtld-servers.net
cpfoo.com./NS - to cpfoo.com -> SERVFAIL
Putting aside why cpfoo.com is giving SERVFAIL, why does unbound ask
the server itself what its authoritative nameserver is? Wouldn’t
*.gtld-servers.net be where that query should go?
Thank you!
-Felipe Gasper
Mississauga, Ontario
