Re: auth-zones and DNS NOTIFY

Sun, 03 Jun 2018 05:06:01 -0700 

On 06/02/2018 10:44 AM, Harry Schmalzbauer via Unbound-users wrote:

Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:

Hi Harry,

Yes, DNS NOTIFY is implemented in the current code repo version.  You
can specify additional sources with allow-notify.


Great, thanks a lot!.
Found time to update some production systems, but unfortunately zone transfer seem to work only initially, then I see these messages logged: unbound: [14927:0] error: ./services/authzone.c at 6102 could not pthread_mutex_lock(&xfr->lock): Resource deadlock avoided unbound: [14927:0] error: ./services/authzone.c at 3454 could not pthread_mutex_lock(&xfr->lock): Resource deadlock avoided 
…

Increasing log level to 3 doesn't show more useful.
After the error occurs, unbound returns "error response SERVFAIL" for all queries which match stub-zones: and all quieries matching auth-zones: get the old records (no xfer any more). 

Any idea where the problem could come from?
Will try to make all stub-zones auth-zones and see if that changes anything....
Repeat by testing with auth-zone as a prefetch for root seems to yield similar results after 12 to 24 hours. 

LOG
unbound: [18768:0] error: can't bind socket: Permission denied for ::

CONF
auth-zone:
  name: "."
  master: "lax.xfr.dns.icann.org"
  master: "iad.xfr.dns.icann.org"
  url: "http://www.internic.net/domain/root.zone";
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes
  zonefile: "root.zone"

auth-zone:
  name: "arpa"
  master: "lax.xfr.dns.icann.org"
  master: "iad.xfr.dns.icann.org"
  url: "http://www.internic.net/domain/arpa.zone";
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes
  zonefile: "arpa.zone"

auth-zone:
  name: "in-addr.arpa"
  master: "lax.xfr.dns.icann.org"
  master: "iad.xfr.dns.icann.org"
  url: "http://www.internic.net/domain/in-addr.arpa.zone";
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes
  zonefile: "in-addr.arpa.zone"

auth-zone:
  name: "ip6.arpa"
  master: "lax.xfr.dns.icann.org"
  master: "iad.xfr.dns.icann.org"
  url: "http://www.internic.net/domain/ip6.arpa.zone";
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes
  zonefile: "ip6.arpa.zone"

Reply via email to