Inconsistent problems when resolving www.ratp.fr

When trying to get the IP address of www.ratp.fr, Unbound has an
inconsistent behaviour. Sometimes, it works, sometimes it servfails.

Now, I know that the domain is awfully broken (no EDNS, no answers to
some queries like NS, badly truncated answers, etc.). Probably a stupid
Web load-balancing appliance with a stupid DNS implementation.

Nevertheless, I wonder why Unbound does not always return the same
result?

When it works:

Dec 11 11:23:29 batilda unbound: [2631:0] info: processQueryTargets: www.ratp.fr. A IN
Dec 11 11:23:29 batilda unbound: [2631:0] info: new target altns2.ratp.fr. AAAA IN
Dec 11 11:23:29 batilda unbound: [2631:0] info: new target altns1.ratp.fr. AAAA IN
Dec 11 11:23:29 batilda unbound: [2631:0] info: sending query: www.ratp.fr. A IN
Dec 11 11:23:29 batilda unbound: [2631:0] debug: sending to target: <www.ratp.fr.> 195.200.228.2#53

When it fails:

Dec 11 11:30:05 batilda unbound: [2631:0] info: processQueryTargets: www.ratp.fr. A IN
Dec 11 11:30:05 batilda unbound: [2631:0] debug: out of query targets -- returning SERVFAIL
Dec 11 11:30:05 batilda unbound: [2631:0] debug: return error response SERVFAIL

a message of 28 lines which said:

> When trying to get the IP address of www.ratp.fr, Unbound has an
> inconsistent behaviour. Sometimes, it works, sometimes it servfails.

After more investigation:

* the domain is delegated to two broken Web load balancers, probably Radware
Alteon (tested with other Alteon boxes)
* a DANE extension is installed in my Firefox and sends requests for
_443._tcp.www.ratp.fr
* the incorrect response to these requests (NXDOMAIN but without a
SOA) seems to trigger the problem
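
A check for the symptom described in the message above (an NXDOMAIN reply with no SOA in the authority section, which RFC 2308 requires of authoritative servers), as an added example that is not part of the original thread. The helper names and the sample packets are constructed for illustration; only the query name comes from the message.

```python
import struct

SOA, TLSA, NXDOMAIN = 6, 52, 3  # RR types and RCODE (RFC 1035, RFC 6698)
PROBLEM = "NXDOMAIN without SOA in authority section"

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer always ends a name
            return off + 2
        off += 1 + length

def negative_response_problem(msg):
    """Return PROBLEM if msg is an NXDOMAIN reply lacking a SOA, else None."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F != NXDOMAIN:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == SOA:  # SOA found in the authority section
            return None
    return PROBLEM

def build_nxdomain(qname, zone=None):
    """Constructed sample: NXDOMAIN reply to a TLSA query, SOA optional."""
    msg = struct.pack("!6H", 0x1234, 0x8403, 1, 0, 1 if zone else 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", TLSA, 1)
    if zone:  # constructed SOA record with placeholder server and timers
        rdata = (encode_name("ns." + zone) + encode_name("hostmaster." + zone)
                 + struct.pack("!5I", 1, 3600, 600, 86400, 300))
        msg += encode_name(zone) + struct.pack("!HHIH", SOA, 1, 300, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    print(negative_response_problem(build_nxdomain("_443._tcp.www.ratp.fr.")))
    print(negative_response_problem(build_nxdomain("_443._tcp.www.example.", "example.")))
```
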

Hi Stephane,