Hello,
Today I upgraded unbound from 1.17.1 to 1.18.0 and noticed probably some behavior change. Something similar to this:
https://github.com/NLnetLabs/unbound/issues/267
To describe my problem:
After upgrade I wanted quickly to check the upgraded server (IPv4 only, IP 10.0.0.2) is running:
# nslookup dennikn.sk. 10.0.0.2
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
Name: dennikn.sk
Address: 92.60.51.23
** server can't find dennikn.sk: SERVFAIL
Eeehh.. SERVFAIL? Later I learned nslookup by default both A and AAAA records. It tried A record for dennikn.sk and got answer. Then it tried AAAA record and got error. Hmmm.. is there error with AAAA records in general? No, other AAAA records are resolved just fine:
# nslookup -q=aaaa sme.sk. 10.0.0.2
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
Name: sme.sk
Address: 2606:4700:10::6816:ce6
Name: sme.sk
Address: 2606:4700:10::ac43:1651
Name: sme.sk
Address: 2606:4700:10::6816:de6
I checked nameservers of domain dennikn.sk:
# nslookup -q=ns dennikn.sk. 10.0.0.2
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
dennikn.sk nameserver = nss2.bonet.sk.
dennikn.sk nameserver = nss1.bntb.net.
dennikn.sk nameserver = nss1.bonet.sk.
I tried all of them, all of them answered "nothing" for AAAA query:
# nslookup -q=aaaa dennikn.sk. nss1.bonet.sk
Server: ns1.bonet.sk
Address: 185.91.200.2#53
*** Can't find dennikn.sk: No answer
I tried to run unbound with verbosity:3 to inspect what is it doing. Of course, it tried to get AAAA records from all 3 of them and got no answer, I can see it in unbound's log file:
Sep 14 11:36:14 unbound[19191:0] debug: out of query targets -- returning SERVFAIL
So to summarise it: upstream servers returned 3x "nothing" and unbound in turn returned error. How can I get it to return "nothing" for these cases? The way how previous version 1.17.1 did it.
Thank you.
ico