Orthogonally, You might want to check if your network environment is suitable with respect to EDNS0 and UDP packet sizes and there are no weird network elements blocking your DNS view to the authoritative world. A quick way for finding that out is running netalyzr (http://netalyzr.icsi.berkeley.edu/) --Olaf ________________________________________________________ Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20120214/1b3ec5eb/attachment.pgp>