I decided to try using unbound without enabling TCP, so I set “do-tcp: no”.
Then I was using the program I have to copy over the settings file, and this includes obtaining any updated roots.hints file from ftp.internic.net as “ftp://ftp.internic.net/domain/named.cache”.
However, when I ran the program, I was not able, for some time, to reach the site.
I enabled verbose level 4 and I have a log from:
02/08/2018 15:19:41 C:\Program Files\Unbound\unbound.exe[9192:0] info: start of service (unbound 1.7.4_20180716).
At the start I was getting:
C:\Program Files\Unbound>dig ftp.internic.net
; <<>> DiG 9.12.2 <<>> ftp.internic.net
;; global options: +cmd
;; connection timed out; no servers could be reached
Returned from DIG.
This carried on for some time until the response changed from the above to:
C:\Program Files\Unbound>dig ftp.internic.net
; <<>> DiG 9.12.2 <<>> ftp.internic.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.internic.net. IN A
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Aug 02 15:30:31 GMT Summer Time 2018
;; MSG SIZE rcvd: 45
And then a bit later on I got:
; <<>> DiG 9.12.2 <<>> ftp.internic.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37661
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.internic.net. IN A
;; ANSWER SECTION:
ftp.internic.net. 1035 IN CNAME internicftp.vip.icann.org.
internicftp.vip.icann.org. 1036 IN A 192.0.47.9
;; Query time: 31 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Aug 02 15:33:38 GMT Summer Time 2018
;; MSG SIZE rcvd: 100
The log is some 2.2MB, so I did not want to attach it to this post.
Here are what I hope are some salient clues from the log:
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info: validator operate: query c.gtld-servers.net. A IN
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: querying for next missing target
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] info: validator operate: query c.gtld-servers.net. A IN
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: validator: nextmodule returned
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: cannot validate non-answer, rcode SERVFAIL
02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has dependency depth of 5
02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum dependency depth with depth of 5
02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33
02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum number of sends with 33
02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
From the configuration file:
Enable IPv4, “yes” or “no”.
do-ip4: yes
Enable IPv6, “yes” or “no”.
do-ip6: yes
Enable UDP, “yes” or “no”.
do-udp: yes
Enable TCP, “yes” or “no”.
do-tcp: no
I also notice some of these lines in the log but TCP is not enabled?:
02/08/2018 15:19:56 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip4 199.254.50.1 port 53 (len 16)
02/08/2018 15:21:08 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip6 2620:74:19::33 port 53 (len 28)
Any thoughts?
Regards
Ray
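
One way to pull the lines singled out above from the full verbosity-4 log, as an added example that is not part of the original post. The function name `triage` and the pattern labels are assumptions made here; the sample lines are copied from the excerpts in the post.

```python
import re
from collections import Counter

# Layout seen in the post: "DD/MM/YYYY HH:MM:SS <exe path>[pid:thread] level: message"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r".*?\[\d+:\d+\] (?P<level>\w+): (?P<msg>.*)$"
)

# Message patterns copied from the log excerpts quoted in the post.
PATTERNS = {
    "servfail": re.compile(r"return error response SERVFAIL"),
    "max_depth": re.compile(r"exceeded the maximum dependency depth"),
    "max_sends": re.compile(r"exceeded the maximum number of sends"),
    "tcp_error": re.compile(r"tcp error for address ip[46] (?P<addr>\S+) port \d+"),
}

def triage(lines):
    """Return (hits per pattern, SERVFAILs per HH:MM, tcp-error count per upstream address)."""
    counts, per_minute, tcp_peers = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped or non-log line
        for name, pat in PATTERNS.items():
            hit = pat.search(m["msg"])
            if not hit:
                continue
            counts[name] += 1
            if name == "servfail":
                per_minute[m["time"][:5]] += 1
            elif name == "tcp_error":
                tcp_peers[hit["addr"]] += 1
    return counts, per_minute, tcp_peers

# Sample input: lines taken from the excerpts in the post (raw string keeps the backslashes).
SAMPLE = r"""
02/08/2018 15:19:50 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum dependency depth with depth of 5
02/08/2018 15:19:51 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
02/08/2018 15:19:56 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip4 199.254.50.1 port 53 (len 16)
02/08/2018 15:21:08 C:\Program Files\Unbound\unbound.exe[9192:1] debug: tcp error for address ip6 2620:74:19::33 port 53 (len 28)
02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: request has exceeded the maximum number of sends with 33
02/08/2018 15:22:19 C:\Program Files\Unbound\unbound.exe[9192:1] debug: return error response SERVFAIL
"""

if __name__ == "__main__":
    labels = ("hits", "SERVFAIL per minute", "tcp errors by upstream")
    for label, c in zip(labels, triage(SAMPLE.splitlines())):
        print(label, dict(c))
```

For the real log, pass the open file instead of the sample, for example `triage(open(path, errors="replace"))`, where `path` is the file named by the `logfile:` setting.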