Re: Unbound not giving ANSWER SECTION for some hosts

Thu, 19 Jul 2018 05:05:13 -0700 

Hi Oliver,

I see that this is a referral.  The upstream service does not resolve
github properly and this is what they return for that query?  Unbound
will then accept it and store it (I can imagine that this changed
between the older version and today), but it looks like this is
something that the forward-zone addresses are returning wrongly.

Best regards, Wouter


On 19/07/18 13:38, Oliver Psotta via Unbound-users wrote:
> Hi all,
>
> I have the problem with Unbound Version 1.7.3, compiled on FreeBSD 11.2,
> that it won't give the ANSWER SECTION for some hosts, like github.com.
>
>
> For most hosts it will resolve properly and give this for example:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>
> But for github.com it will give this:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57234
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;github.com.                  IN      A
>
> ;; AUTHORITY SECTION:
> github.com.           169039  IN      NS      ns-1707.awsdns-21.co.uk.
> github.com.           169039  IN      NS      ns-1283.awsdns-32.org.
> github.com.           169039  IN      NS      ns4.p16.dynect.net.
> github.com.           169039  IN      NS      ns2.p16.dynect.net.
> github.com.           169039  IN      NS      ns-421.awsdns-52.com.
> github.com.           169039  IN      NS      ns1.p16.dynect.net.
> github.com.           169039  IN      NS      ns3.p16.dynect.net.
> github.com.           169039  IN      NS      ns-520.awsdns-01.net.
>
> ;; ADDITIONAL SECTION:
> ns1.p16.dynect.net.   43283   IN      A       208.78.70.16
> ns2.p16.dynect.net.   80767   IN      A       204.13.250.16
> ns3.p16.dynect.net.   80767   IN      A       208.78.71.16
> ns4.p16.dynect.net.   80767   IN      A       204.13.251.16
> ns-421.awsdns-52.com. 80479   IN      A       205.251.193.165
> ns-520.awsdns-01.net. 80479   IN      A       205.251.194.8
> ns-1707.awsdns-21.co.uk. 80479        IN      A       205.251.198.171
> ns-1707.awsdns-21.co.uk. 166614       IN      AAAA    2600:9000:5306:ab00::1
>
> ;; Query time: 179 msec
> ;; SERVER: 192.168.20.38#53(192.168.20.38)
> ;; WHEN: Thu Jul 19 12:43:36 CEST 2018
> ;; MSG SIZE  rcvd: 399
>
>
> The unbound.conf is simple enough:
> server:
>       interface: 0.0.0.0
>       access-control: 192.168.20.0/8 allow 
>       access-control: 192.168.179.0/8 allow 
>       private-address: 192.168.20.0/8
>       private-address: 192.168.179.0/8
>       verbosity: 1
>
> forward-zone:
>       name: "."
>       forward-addr: 85.214.20.141             # Digitalcourage
>       forward-addr: 46.182.19.48              # Digitalcourage
>       forward-addr: 194.150.168.168   # AS250.net Foundation
>
>
> This looks like a bug, for this unbound.conf works properly with
> Unbound Version 1.5.10 on the same machine.
>
> Hints to solve that are appreciated. Thanks!
>
> Best regards
> Oliver

Reply via email to