On 9/11/2015 5:39 AM, Frank de Bot via Unbound-users wrote: > Hi, > > Under FreeBSD I'm setting up a resolv-only unbound server. While testing > I've noticed some domain do not resolve (server returns SERVFAIL) > > When running verbosily I noticed this in the log: > > [1441963936] unbound[22814:0] info: processQueryTargets: ns.tweakdns.nl. > AAAA IN > [1441963936] unbound[22814:0] debug: request ns.tweakdns.nl. has > exceeded the maximum number of glue fetches 37 > [1441963936] unbound[22814:0] debug: request ns.tweakdns.nl. has > exceeded the maximum number of glue fetches 37 > [1441963936] unbound[22814:0] debug: return error response SERVFAIL > [1441963936] unbound[22814:0] debug: validator[module 0] operate: > extstate:module_state_initial event:module_event_moddone > [1441963936] unbound[22814:0] info: validator operate: query > ns.tweakdns.nl. AAAA IN > [1441963936] unbound[22814:0] debug: iterator[module 1] operate: > extstate:module_wait_subquery event:module_event_pass > [1441963936] unbound[22814:0] info: iterator operate: query > tweakers.net. A IN > [1441963936] unbound[22814:0] info: processQueryTargets: tweakers.net. A IN > [1441963936] unbound[22814:0] debug: out of query targets -- returning > SERVFAIL > [1441963936] unbound[22814:0] debug: return error response SERVFAIL > > A second query about 15/20 second later does work and it's cached. > > A lot of domain resolve from the start without any trouble. I don't > know where exactly to look for the problem. Is this a problem that could > reside in Unbound?
I've seen symptoms here that are very similar to what you describe. I had been using unbound as a recursive, caching server with no forwarding enabled. I would notice that the DNS lookups would stall (and the browser would timeout on a DNS error) for certain websites. If I retried a few seconds later, the DNS lookup would be fine. The website that elicited the symptom most frequently for me was slashdot.org. I was/am running unbound on FreeBSD 10.1. Initially, I saw the issue running the local_unbound that is in FreeBSD base. I also installed the unbound port, and saw the symptom there as well. I didn't really do any in depth debugging, well, because other stuff was going on in my life, and forwarding all DNS requests from unbound to my ISP's DNS servers made the problem go away. I've not had the time to get back the the problem and turn on debugging to gather more info.
