Hallo, I have problems to resolve some names with unbound 1.4.7 (ldns 1.6.13) on Debian lenny. My old running maradns or asking the Google DNS runs fine. For example the webserver of NOAA:
============================================================ Ask my fresh started unbound (alias ip on ethX)... !root@urknall:/opt/unbound# dig +nodnssec gov. @192.168.0.16 ; <<>> DiG 9.6-ESV-R4 <<>> +nodnssec gov. @192.168.0.16 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13554 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;gov. IN A ;; AUTHORITY SECTION: gov. 86400 IN SOA a.usadotgov.net. nstld.verisign-grs.com. 1340643602 3600 900 1814400 86400 ;; Query time: 653 msec ;; SERVER: 192.168.0.16#53(192.168.0.16) ;; WHEN: Mon Jun 25 21:08:56 2012 ;; MSG SIZE rcvd: 94 !root@urknall:/opt/unbound# dig +nodnssec noaa.gov. @192.168.0.16 ; <<>> DiG 9.6-ESV-R4 <<>> +nodnssec noaa.gov. @192.168.0.16 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33920 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 0 ;; QUESTION SECTION: ;noaa.gov. IN A ;; ANSWER SECTION: noaa.gov. 86400 IN A 140.90.200.21 noaa.gov. 86400 IN A 140.172.17.21 noaa.gov. 86400 IN A 129.15.96.21 ;; AUTHORITY SECTION: noaa.gov. 86400 IN NS ns-e.noaa.gov. noaa.gov. 86400 IN NS ns-nw.noaa.gov. noaa.gov. 86400 IN NS ns-mw.noaa.gov. ;; Query time: 1562 msec ;; SERVER: 192.168.0.16#53(192.168.0.16) ;; WHEN: Mon Jun 25 21:09:03 2012 ;; MSG SIZE rcvd: 133 !root@urknall:/opt/unbound# dig +nodnssec www.noaa.gov. @192.168.0.16 ; <<>> DiG 9.6-ESV-R4 <<>> +nodnssec www.noaa.gov. @192.168.0.16 ;; global options: +cmd ;; connection timed out; no servers could be reached ============================================================ Well, just ask uncle G... (NOAA uses load balancing?) !root@urknall:/opt/unbound/lib# dig +nodnssec www.noaa.gov. @8.8.8.8 ; <<>> DiG 9.6-ESV-R4 <<>> +nodnssec www.noaa.gov. @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50048 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.noaa.gov. IN A ;; ANSWER SECTION: www.noaa.gov. 300 IN CNAME edge-hdq.woc.noaa.gov. edge-hdq.woc.noaa.gov. 300 IN CNAME edge-p1.l.noaa.gov. edge-p1.l.noaa.gov. 30 IN A 140.90.33.11 edge-p1.l.noaa.gov. 30 IN A 140.90.33.21 edge-p1.l.noaa.gov. 30 IN A 140.90.200.11 edge-p1.l.noaa.gov. 30 IN A 140.90.200.21 edge-p1.l.noaa.gov. 30 IN A 140.172.17.11 edge-p1.l.noaa.gov. 30 IN A 140.172.17.21 edge-p1.l.noaa.gov. 30 IN A 216.38.80.71 edge-p1.l.noaa.gov. 30 IN A 216.38.80.81 edge-p1.l.noaa.gov. 30 IN A 129.15.96.11 edge-p1.l.noaa.gov. 30 IN A 129.15.96.21 ;; Query time: 229 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jun 25 21:21:25 2012 ;; MSG SIZE rcvd: 241 ============================================================ And local maradns... (picks one A and changes TTL) ; <<>> DiG 9.6-ESV-R4 <<>> +nodnssec www.noaa.gov. @192.168.0.15 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56357 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.noaa.gov. IN A ;; ANSWER SECTION: www.noaa.gov. 900 IN CNAME edge-hdq.woc.noaa.gov. edge-hdq.woc.noaa.gov. 900 IN A 140.90.200.11 ;; Query time: 476 msec ;; SERVER: 192.168.0.15#53(192.168.0.15) ;; WHEN: Mon Jun 25 21:09:50 2012 ;; MSG SIZE rcvd: 73 ============================================================ Can anyone reproduce this? I havenĀ“t deliberately attached debug logs so far. Maybe unbound has nothing to do with it. Regards, saturas ------------------------------------------------- This message sent via VFEmail.net http://www.vfemail.net $14.95 Lifetime accounts! 15GB disk! Commercial Mail Options! No bandwidth quotas! _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
