Unbound not giving ANSWER SECTION for some hosts

Thu, 19 Jul 2018 04:48:01 -0700 

Hi all,

I have the problem with Unbound Version 1.7.3, compiled on FreeBSD 11.2,
that it won't give the ANSWER SECTION for some hosts, like github.com.


For most hosts it will resolve properly and give this for example:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


But for github.com it will give this:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com.                    IN      A

;; AUTHORITY SECTION:
github.com.             169039  IN      NS      ns-1707.awsdns-21.co.uk.
github.com.             169039  IN      NS      ns-1283.awsdns-32.org.
github.com.             169039  IN      NS      ns4.p16.dynect.net.
github.com.             169039  IN      NS      ns2.p16.dynect.net.
github.com.             169039  IN      NS      ns-421.awsdns-52.com.
github.com.             169039  IN      NS      ns1.p16.dynect.net.
github.com.             169039  IN      NS      ns3.p16.dynect.net.
github.com.             169039  IN      NS      ns-520.awsdns-01.net.

;; ADDITIONAL SECTION:
ns1.p16.dynect.net.     43283   IN      A       208.78.70.16
ns2.p16.dynect.net.     80767   IN      A       204.13.250.16
ns3.p16.dynect.net.     80767   IN      A       208.78.71.16
ns4.p16.dynect.net.     80767   IN      A       204.13.251.16
ns-421.awsdns-52.com.   80479   IN      A       205.251.193.165
ns-520.awsdns-01.net.   80479   IN      A       205.251.194.8
ns-1707.awsdns-21.co.uk. 80479  IN      A       205.251.198.171
ns-1707.awsdns-21.co.uk. 166614 IN      AAAA    2600:9000:5306:ab00::1

;; Query time: 179 msec
;; SERVER: 192.168.20.38#53(192.168.20.38)
;; WHEN: Thu Jul 19 12:43:36 CEST 2018
;; MSG SIZE  rcvd: 399


The unbound.conf is simple enough:
server:
        interface: 0.0.0.0
        access-control: 192.168.20.0/8 allow 
        access-control: 192.168.179.0/8 allow 
        private-address: 192.168.20.0/8
        private-address: 192.168.179.0/8
        verbosity: 1

forward-zone:
        name: "."
        forward-addr: 85.214.20.141             # Digitalcourage
        forward-addr: 46.182.19.48              # Digitalcourage
        forward-addr: 194.150.168.168   # AS250.net Foundation


This looks like a bug, for this unbound.conf works properly with
Unbound Version 1.5.10 on the same machine.

Hints to solve that are appreciated. Thanks!

Best regards
Oliver

Reply via email to