How to fix a "THROWAWAY" response
Havard Eidnes
he at uninett.no
Thu Sep 7 08:42:18 UTC 2023
>> You say that turning off "do-ipv6" works around the issue. Does
>> the web site in question serve contents over IPv6? Does it have
>> an AAAA record in the DNS (if "yes" to the former question it
>> should be a "yes" to the latter)? Does the name servers for the
>> zone where the web site address is registered have AAAA records
>> registered?
>
> Wait. Why should this last one be needed? I know it it false for my
> own domain aceecat.org, yet browsing www.aceecat.org (which *only*
> has an AAAA record) works fine, as long as there is an IPv6 pipe
> from the client of course.
I don't know for certain, but absent prior knowledge gathered by
unbound wrt. IPv6 reachability of name servers, resolving a
domain where the name servers have published AAAA records but
where unbound's IPv6 connectivity is present but hampered or
broken might cause resolution of the target domain to take longer
than the client is willing to wait.
Since the exact failure mode has only been vaguely described I
thought it pertinent to also mention this as a potential source
of issues.
Regards,
- Håvard
More information about the Unbound-users
mailing list