On 10/15/2014 01:36 PM, Michael Tokarev wrote:
> On 15.10.2014 10:48, Jelte Jansen wrote:
>> On 10/14/2014 09:13 PM, Michael Tokarev wrote:
>>> Hello.
>>>
>>> It looks like there's a common problem in various networks, -- some
>>> resolvers do not understand EDNS0 OPT record at the end of the DNS
>>> query packet and return either NXDOMAIN or NODATA response to *any*
>>> such query, no matter if the domain in question exists or not.
>>
>> I guess you mean authoritative servers, not resolvers?
>
> No, I mean resolvers. The 'dns server' setting which is being sent over
> dhcp, -- some distributions use this information and make it available
> to unbound as `unbound-control forward <ip.add.re.ss>'.
>
> At least one network I come across here redirects outgoing port 53 to
> the local resolver, so it isn't really possible to get it to work
> even after disabling explicit forwarding.
>
> So the talk is about broken recursive resolvers (mostly in various
> SOHO routers), not about certain domains.
>
> (The talk is about Dusseldorf, DE -- I'm at linuxcon right now, and
> the wifi network in the DCC is of this kind, with broken DNS resolver.
> I found many other wifi networks around the city share the same
> brokenness -- so it looks like some local telecom issue.)
>
> []
>> But I'd rather see we try to get those broken domains fixed. Note that
>> they do not need to support EDNS0, they just need to follow the RFCs
>> instead of giving false answers.
>
> As a user I just had to disable unbound (which I used for local dns
> caching), because I really needed the thing to work, I don't have
> any time to fight with this prob at the conference.

So I ended up throwing away unbound which gave me so many headaches
and installing dnsmasq. It is not as nice and all, but it has a huge
advantage over unbound: it actually works, while unbound, with all its
bells and whistles, does not.

Thanks,

/mjt

>> Note that any reasonably modern resolver would be adding EDNS0 by
>> default, so if they are responding badly to it they should have a lot
>> more problems.
>
> Apparently, with so many people around me, I was the only one in here
> who had this prob ;)
_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
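
The failure mode discussed in this thread can be checked by sending a forwarder the same question with and without an EDNS0 OPT record and comparing the response codes. The sketch below is an added example, not part of the original message or of unbound; the function names and the constructed response headers are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, qtype=1, edns=False, txid=0x1234, udp_size=4096):
    """Build a DNS query; edns=True appends an EDNS0 OPT pseudo-RR (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0) if edns else b""
    return header + question + opt

def ask(server, packet, timeout=3.0):
    """Send one UDP query to a resolver and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recvfrom(4096)[0]

def summarize(response):
    """Return (rcode, answer_count) from a DNS response header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    return flags & 0x000F, ancount

def classify(plain_resp, edns_resp):
    """Compare answers to one question asked without and with OPT."""
    (p_rcode, p_an), (e_rcode, e_an) = summarize(plain_resp), summarize(edns_resp)
    if not (p_rcode == 0 and p_an > 0):
        return "inconclusive: plain query did not resolve"
    if e_rcode == 3:
        return "broken: NXDOMAIN only when OPT is present"
    if e_rcode == 0 and e_an == 0:
        return "broken: NODATA only when OPT is present"
    if e_rcode == 1:  # FORMERR is the RFC 6891 answer from a non-EDNS server
        return "no EDNS0 support, signalled correctly"
    return "consistent"

def fake_response(rcode, ancount, txid=0x1234):
    """Constructed response header (QR, RD, RA set) for offline testing."""
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed sample: name resolves without OPT, NXDOMAIN with OPT.
    print(classify(fake_response(0, 1), fake_response(3, 0)))
```

For a live check, pass `ask(server, build_query(name))` and `ask(server, build_query(name, edns=True))` to `classify`, using a name known to exist.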
