Domain not being resolved?

Søren Peter Skou sps at DanskKabelTV.dk
Wed Apr 18 09:54:01 UTC 2018


Hiya all,

This perplexes me a bit. My unbound seems to have taken a dislike towards a couple of domains. Specificially frederiksberg.dk and fkb.dk and the tld .ke If I try doing a dig ns frederiksberg.dk  and equivalent for fkb.dk – I simply get a SERVFAIL. Initially I thought it might be something related to DNSSEC, but https://dnssec-debugger.verisignlabs.com states all green for both domains. Now, neither of the domains are mine, I still need to resolve them 😊 And google can resolve this just fine.

Example failing for fkb.dk:
-bash-4.2$ dig ns fkb.dk @62.61.130.1

; <<>> DiG 9.10.4-P3 <<>> ns fkb.dk @62.61.130.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fkb.dk.                                IN      NS

;; Query time: 82 msec
;; SERVER: 62.61.130.1#53(62.61.130.1)
;; WHEN: Wed Apr 18 11:39:06 CEST 2018
;; MSG SIZE  rcvd: 35

Same result for both, however if I ask cloudflare, google or a Bind recursive server – I get a the result I expect.

-bash-4.2$ dig ns fkb.dk @62.61.136.249

; <<>> DiG 9.10.4-P3 <<>> ns fkb.dk @62.61.136.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23239
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fkb.dk.                                IN      NS

;; ANSWER SECTION:
fkb.dk.                 86400   IN      NS      ns3.prodns.net.
fkb.dk.                 86400   IN      NS      ns1.prodns.net.
fkb.dk.                 86400   IN      NS      ns9.prodns.net.
fkb.dk.                 86400   IN      NS      ns2.prodns.net.
fkb.dk.                 86400   IN      NS      ns4.prodns.net.

;; ADDITIONAL SECTION:
ns9.prodns.net.         95119   IN      A       74.116.176.8
ns9.prodns.net.         8719    IN      AAAA    2001:678:5::8

;; Query time: 66 msec
;; SERVER: 62.61.136.249#53(62.61.136.249)
;; WHEN: Wed Apr 18 11:41:50 CEST 2018
;; MSG SIZE  rcvd: 179

Same goes for google (8.8.8.8) and cloudflare (1.1.1.1).


Configuration is as follows:
server:
        auto-trust-anchor-file: "/usr/pkg/etc/unbound/root.key"
        verbosity: 1
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes

        interface: 62.61.130.1
        port: 53
        statistics-interval: 60
        extended-statistics: yes
        statistics-cumulative: yes
        root-hints: "/usr/pkg/etc/unbound/root.hints"
        hide-identity: no
        hide-version: yes
        use-caps-for-id: no
        harden-glue: yes
        harden-dnssec-stripped: yes
        cache-min-ttl: 3600
        cache-max-ttl: 86400
        prefetch: yes
        num-threads: 4
        msg-cache-slabs: 8
        rrset-cache-slabs: 8
        infra-cache-slabs: 8
        key-cache-slabs: 8
        outgoing-range: 950
        num-queries-per-thread: 512
        rrset-cache-size: 256m
        msg-cache-size: 128m
        so-rcvbuf: 204k
        so-sndbuf: 204k
        unwanted-reply-threshold: 10000
        val-clean-additional: no
        val-log-level: 2


I may be overlooking something extremely obvious, however I cannot see what that might be.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180418/d591af13/attachment.htm>


More information about the Unbound-users mailing list