-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Stephane,
On 12/12/2012 09:53 AM, Stephane Bortzmeyer wrote: > On Tue, Dec 11, 2012 at 11:57:29AM +0100, Stephane Bortzmeyer > <[email protected]> wrote a message of 28 lines which said: > >> When trying to get the IP address of www.ratp.fr, Unbound has an >> inconsistent behaviour. Sometimes, it works, sometimes it >> servfails. > > After more investigation: > > * the domain is delegated to two broken Web load balancers, > probably Radware Alteon (tested with another Alteon boxes) * a DANE > extension is installed in my Firefox and sends requests for > _443._tcp.www.ratp.fr * The incorrect response to these requests > (NXDOMAIN but without a SOA) seems to trigger the problem This should become a low-TTL NXDOMAIN for unbound. Do you have harden-nxdomain enabled? If so, the NXDOMAIN response stops queries underneath it. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQyFDSAAoJEJ9vHC1+BF+NRLsP/i882mJe2gdFWQmnJzeReKfl XIvYPjEchnUE9taxizpenO6mUYiJPU+F9ZiBffo9zC/drk57xsDky8xn1Z/i10BF +808+cmU/8RwEoApXi+D5qbixU2dskONpoTp97qoEGCZVaDgJ54bEOYSVPLILpGL SL/OrpOo9BdZqjSZJbg9SbuzbWbyzkPEBiUm+rli0cFPKlMCQE5pbrfKupdnVRlX xXuldOLKG3WsvFgFk7JH8/ZUHbjeh2uAhhaFlSuv9Pvi02isAoMcXvlWlEtThssn Yuy/0pIQKz7V0sZ/zai3cDM6NHX8oy26QDfWapv1kT/C9//iqqG9GYHlT+bQJMPa SHG9YgsV8peAVqZoe2MtUlXtOXsBuiwNR8VO/e7xjhqFH5avufV2brzdTTSD7Kyz RrUJuG88X+deAjrnPLhzqrS3/89mQ2EPz25IlBmCTV9mkhw3xiz1KumRp6X6OYNw E++hh0Bz7Uyag3U7Pht3Md+d9iQuMugxLW/LV5BE8Fsa7ciowv/T52n9XQdQIaB0 Pdv4CAQFgdUYiXkZ7u2ve2kfwkTjpzNyGm+HDnBpkJrKiAuVdsyY+tBsq81nT+Fp fccyl+Y5y8iFjwQcAm5akHsTm5l8lLNz1qXW7HOToUt/kjPi1FJiQccfytszPdMm m98heyw2wBq9s6poMGD4 =QdnV -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
