Unbound not giving ANSWER SECTION for some hosts

Oliver Psotta oliver.psotta at posteo.de
Thu Jul 19 11:38:27 UTC 2018 

Hi all,

I have the problem with Unbound Version 1.7.3, compiled on FreeBSD 11.2,
that it won't give the ANSWER SECTION for some hosts, like github.com.


For most hosts it will resolve properly and give this for example:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


But for github.com it will give this:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com.			IN	A

;; AUTHORITY SECTION:
github.com.		169039	IN	NS	ns-1707.awsdns-21.co.uk.
github.com.		169039	IN	NS	ns-1283.awsdns-32.org.
github.com.		169039	IN	NS	ns4.p16.dynect.net.
github.com.		169039	IN	NS	ns2.p16.dynect.net.
github.com.		169039	IN	NS	ns-421.awsdns-52.com.
github.com.		169039	IN	NS	ns1.p16.dynect.net.
github.com.		169039	IN	NS	ns3.p16.dynect.net.
github.com.		169039	IN	NS	ns-520.awsdns-01.net.

;; ADDITIONAL SECTION:
ns1.p16.dynect.net.	43283	IN	A	208.78.70.16
ns2.p16.dynect.net.	80767	IN	A	204.13.250.16
ns3.p16.dynect.net.	80767	IN	A	208.78.71.16
ns4.p16.dynect.net.	80767	IN	A	204.13.251.16
ns-421.awsdns-52.com.	80479	IN	A	205.251.193.165
ns-520.awsdns-01.net.	80479	IN	A	205.251.194.8
ns-1707.awsdns-21.co.uk. 80479	IN	A	205.251.198.171
ns-1707.awsdns-21.co.uk. 166614	IN	AAAA	2600:9000:5306:ab00::1

;; Query time: 179 msec
;; SERVER: 192.168.20.38#53(192.168.20.38)
;; WHEN: Thu Jul 19 12:43:36 CEST 2018
;; MSG SIZE  rcvd: 399


The unbound.conf is simple enough:
server:
	interface: 0.0.0.0
	access-control: 192.168.20.0/8 allow 
	access-control: 192.168.179.0/8 allow 
	private-address: 192.168.20.0/8
	private-address: 192.168.179.0/8
	verbosity: 1

forward-zone:
	name: "."
	forward-addr: 85.214.20.141		# Digitalcourage
	forward-addr: 46.182.19.48		# Digitalcourage
	forward-addr: 194.150.168.168	# AS250.net Foundation


This looks like a bug, for this unbound.conf works properly with
Unbound Version 1.5.10 on the same machine.

Hints to solve that are appreciated. Thanks!

Best regards
Oliver

More information about the Unbound-users mailing list