On Thu, 15 Sep 2011, Robert Fleischman wrote:
> Using unbound 1.4.12,
> dig -t ns dir.slb.com.
> It does not return, it returns instantly against bind. :-|
> A few things:
> 1. That name has a lot of NS answers (7000+ byte reply) according to
> ns3.slb.com. It appears to return a truncated answer and then forces
> clients (and probably unbound) to retry using TCP.

It works against my unbound-1.4.13 (open to use at 193.110.157.136).
It does fall back to TCP. The DNS NS set from hell is returned.

> clearly,
> 2. unbound doesn't return. The query runs for hours/days/forever,
> inside unbound. It doesn't time out! Digging into
> env->mesh->all.root and seen 100's of answers, and yet no response.
> Is it waiting for a COMPLETE answer? Even though it has a huge answer
> already?

Various harden options might make it try a lot of entries before returning.
The only cases I know of unbound not returning an answer are if your loglevel
is so high that your disk cannot keep up with the queries.

> 3. dig to Google (8.8.8.8) goes to tcp and doesn't return an answer either!

That I see as well.

Paul
_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
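
The truncate-then-retry-over-TCP behaviour discussed in this thread, as an added example (not part of the original messages and not unbound's code): a Python sketch of how a client recognises the TC flag in a UDP reply and frames the same query for TCP. The transaction ID and the reply bytes are constructed sample values, and the function names are hypothetical.

```python
import struct

TC_BIT = 0x0200   # truncation flag in the DNS header flags word (RFC 1035)
QTYPE_NS = 2

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name, qtype=QTYPE_NS):
    """Minimal query: 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & TC_BIT),
            "rcode": flags & 0xF, "ancount": an}

def needs_tcp_retry(query, udp_reply):
    """True when the UDP reply belongs to this query and has TC set."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("reply does not match query")
    return r["tc"]

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    if len(msg) > 0xFFFF:
        raise ValueError("message exceeds 65535 bytes")
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """First complete message in a TCP byte stream, or None if bytes are missing."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length] if len(stream) >= 2 + length else None

# Constructed sample: a query for the name in the thread and a header-only
# UDP reply with QR, TC, RD and RA set and an empty answer section.
QUERY = build_query(0x1A2B, "dir.slb.com.")
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    if needs_tcp_retry(QUERY, TRUNCATED_REPLY):
        print("TC set, resend over TCP:", tcp_frame(QUERY).hex())
```

A 7000+ byte reply fits within the 65535-byte limit of the TCP length prefix, so the full NS set can be delivered once the client retries.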