Hi Andreas, The failure you see is in the code for TCP FASTOPEN. It was enabled when you gave the configure option --enable-tfo-client.
We cannot do r = sendmsg(fd, &msg, MSG_FASTOPEN); to perform a TCP FASTOPEN on the tcp connection. It returns the errno that you see printed. That cheap VM has tcp fastopen issues. Do you think MSG_FASTOPEN is broken in that linux kernel or the hoster broke it (i.e. blocked in Firewall?). Best regards, Wouter On 30/05/17 09:21, A. Schulze via Unbound-users wrote: > Hello, > > the Domain use huge keys: https://zonemaster.net/test/f8b42c485139ea99 > Also DNSViz http://dnsviz.net/d/kernel-error.de/dnssec/ show warnings. > > But most of my unbound-host resolve without problems except instances on > "cheap hosted virtual machines" > As far as I can tell all unbound servers are configured identical: > > server: > chroot: /etc/unbound > minimal-responses: yes > harden-below-nxdomain: yes > harden-referral-path: yes > harden-glue: yes > outgoing-tcp-mss: 1220 > qname-minimisation: yes > tcp-mss: 1220 > use-caps-for-id: yes > val-log-level: 2 > auto-trust-anchor-file: trust/root-rfc5011.anchor > # do-ip4: yes > # do-ip6: yes > > "verbosity: 2" flood log errors when I "dig @$resolver kernel-error.de. > dnskey +dnssec" > 2017-05-30 00:03:24.413773500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 5.9.24.235 > 2017-05-30 00:03:24.419315500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 5.9.24.235 > 2017-05-30 00:03:24.419584500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:24.424685500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2a01:4f8:150:1095::53 > 2017-05-30 00:03:24.430201500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 5.9.24.235 > 2017-05-30 00:03:24.432426500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:24.435559500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2a01:4f8:161:3ec::53 > 2017-05-30 00:03:24.441102500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 5.9.24.235 > 2017-05-30 00:03:24.446647500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2a01:4f8:161:3ec::53 > 2017-05-30 00:03:24.452158500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2a01:4f8:161:3ec::53 > 2017-05-30 00:03:24.457540500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2a01:4f8:161:3ec::53 > 2017-05-30 00:03:24.691478500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > 2017-05-30 00:03:24.698210500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:24.731290500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:24.950555500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > 2017-05-30 00:03:24.953444500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > 2017-05-30 00:03:24.992109500 [1496095404] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:25.202152500 [1496095405] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 2001:310:6000:f::1fc7:1 > 2017-05-30 00:03:25.229939500 [1496095405] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > 2017-05-30 00:03:25.253539500 [1496095405] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > 2017-05-30 00:03:25.462916500 [1496095405] unbound[4398:0] error: tcp > sendmsg: Broken pipe for 203.137.119.119 > > Bonus: only my own unbound-1.6.2 @cheap hosted virtual machines can't > resolve, > Debian Jessie Distribution unbound + bind work "@cheap hosted virtual > machines" :-/ > > Ideas? > > The owner of kernel-error.de will change it's domain in the next time. > I ask him to freeze the configuration some days until I understand why > my resolver fail. > > Thanks, > Andreas
signature.asc
Description: OpenPGP digital signature
