Maintained by: NLnet Labs

[Unbound-users] response to lame servers

Wouter Wijngaards
Mon Jun 9 10:47:11 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Doty wrote:
| Greetings unbounders,
|
| I occasionally need to look up an A record for which one of the
| authoritative nameservers is lame:  mail.opusnet.com
|
| Unbound seems to accept the referral from the lame nameserver as
| final, rather than trying the others:
|
| $ ping mail.opusnet.com
| ping: Cannot resolve "mail.opusnet.com" (No address associated with name)
|
| Is that intentional?  Maybe I'm misunderstanding the behavior.

This is not intentional. Most lame servers give different responses. I
added a new case to the lameness detection.

For an authority server that responds with noerror/nodata, no SOA in
authority, no AA bit, and an NS record pointing to the zone itself, this
is now treated as a lame server instead of an answer.

Thank you for the report.

A fix for the issue is in unbound svn trunk r1111.

Best regards,
~   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhM7g8ACgkQkDLqNwOhpPiWmACfQtNQ/OuSibUvwnGtuSMeGH3u
bsgAn2blDaOEP5ymzSPbHoIap4YPDioj
=6wck
-----END PGP SIGNATURE-----