Hi Andreas,

Do you have QNAME minimisation enabled? Before 1.5.9 Unbound had code to
limit the number of outgoing queries for ip6.arpa lookups, in 1.5.9 we
generalised this to have a limit for all lookups. The new behaviour
might result in slightly more queries to the nameservers of a zone. The
combination of the "high" number of queries and the low number of
targets (one stub) can result in unbound marking the only available
target as unsuitable, therefore returning a SERVFAIL response.

This simple patch for 1.5.9 solves this problem. Also committed to trunk
in the source repository.


Index: iterator/iterator.c
===================================================================
--- iterator/iterator.c (revision 3795)
+++ iterator/iterator.c (working copy)
@@ -2024,6 +2024,8 @@
                iq->qinfo_out.qname_len = iq->qchase.qname_len;
                iq->minimise_count++;

+               iter_dec_attempts(iq->dp, 1);
+
                /* Limit number of iterations for QNAMEs with more
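
Review bot: the added `iter_dec_attempts(iq->dp, 1);` call right after `iq->minimise_count++` has no comment, so a reader of iterator.c cannot tell why the attempt count of `iq->dp` is decremented on every minimisation step. Suggest a short comment above the call saying that the extra queries sent for QNAME minimisation should not count against the targets of the delegation point, since otherwise a delegation point with a single target can be marked unsuitable and the lookup ends in SERVFAIL. It would also help to say why the decrement is a fixed 1 per step.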


On 15-06-16 23:56, A. Schulze via Unbound-users wrote:
> 
> 
> On 15.06.2016 at 12:33, A. Schulze via Unbound-users wrote:
> 
>> just noticed this happens only on a Debian Squeeze host
>> On Debian Jessie I get the rDNS.
> 
> The OS version is unrelated; the configuration was different...
> 
> I have a stub-zone statement in unbound.conf pointing to the hidden
> master nameserver for my zones.
> It works if I remove the stub-zone statement.
> 
> But: even if I add a stub-zone section pointing unbound to the delegated
> nameserver, resolving fails
> as long as I have only one stub-addr statement. Using two stub-addr
> statements or adding "stub-prime: yes" makes the zone resolvable.
> 
> That does not happen for in-addr.arpa or 'normal' domains.
> It happens only for my ip6.arpa zone.
> 
> Andreas
