On 29/03/11 13:16, W.C.A. Wijngaards wrote: > Hi Andrew, Paul, > > On 03/29/2011 02:11 PM, Andrew Hearn wrote: >> On 29/03/11 12:19, Paul Wouters wrote: >>> On Tue, 29 Mar 2011, Andrew Hearn wrote: >>> >>>> We have version 1.3.4 on a server and have an odd, intermittent, problem >>>> with looking up a particular record. >>>> >>>> We have other unbound and bind servers that don't have this problem. >>>> >>>> eg: >>>> >>>> [root@a log]# unbound-control flush farnell.com >>>> ok >>>> [root@a log]# dig uk.farnell.com @localhost >>> >>> That domain seems broken, at least from the "world view": >>> >>> [paul@bofh ~]$ dnscheck uk.farnell.com. >>> 0.000: uk.farnell.com. INFO Begin testing zone uk.farnell.com. with >>> version 1.2.1. >>> 0.000: uk.farnell.com. INFO Begin testing delegation for uk.farnell.com.. >>> 6.008: uk.farnell.com. INFO Name servers listed at parent: >>> dns1.cscdns.net,dns2.cscdns.net >>> 6.168: uk.farnell.com. ERROR Failed to find name servers of >>> uk.farnell.com./IN. >>> 6.168: uk.farnell.com. ERROR No name servers found at child. >>> 6.168: uk.farnell.com. INFO Done testing delegation for uk.farnell.com.. >>> 6.168: uk.farnell.com. CRITICAL Fatal error in delegation for zone >>> uk.farnell.com.. >>> 6.168: uk.farnell.com. INFO Test completed for zone uk.farnell.com.. >>> >>> If it works internally, perhaps one issue is that one of your servers >>> uses the external instead >>> of internal view? > > I think Paul is correct. > >> Thanks for the info, but I'm not sure this explains it, as: >> unbound-host uk.farnell.com -v >> always works, and gives answers, but >> dig uk.farnell.com @localhost >> is intermittent > >> Also, http://www.squish.net/dnscheck works each time we try > > That is because the first looking (has to) use the parent-side > delegation information. But with a cache the daemon on a second lookup > uses the child-side delegation information. unbound-host is a > commandline tool and does the first lookup of course. > > In unbound 1.4.5 the approach to deal with such broken domains was > changed significantly, making it more robust. It may work with this > broken domain. > > Or, you could unbreak the domain, fix it :-) > > Best regards, > Wouter
Thanks for the info Wouter. The domain is outside our control, but I'll upgrade our Unbound. Thanks again -- Andrew Hearn. AAISP Technical Support Team Leader Tel: 03333 400999 _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
