Queries to root servers not getting answered

Hi,

I just compiled and installed ldns 1.6.13 and unbound 1.4.18 on a Debian lenny VM.

Since I was getting temporary failures, I raised the log verbosity to 3 and the log (which I add at the end of the message) seems to indicate that queries to the root name server are either not being sent or not being answered…

I kinda manually replicated the behavior of the resolver (using dbndns’ dnsq command) in the same machine and got instant responses in every case (copied below the log).

Maybe someone with experience with unbound (and its logging) could help me about where to look?

Any help would be greatly appreciated.

Hi Mariano,

> Hi,
>
> I just compiled and installed ldns 1.6.13 and unbound 1.4.18 on a
> Debian lenny VM.
>
> Since I was getting temporary failures, I raised the log verbosity
> to 3 and the log (which I add at the end of the message) seems to
> indicate that queries to the root name server are either not being
> sent or not being answered...
>
> I kinda manually replicated the behavior of the resolver (using
> dbndns' dnsq command) in the same machine and got instant responses
> in every case (copied below the log).

Did you set +dnssec and +cdflag (options for 'dig') on the queries you
tested yourself? If not, your test differed from what unbound does.
The answers are bigger with the signatures included. Maybe you have a
firewall that drops UDP packets bigger than 512 bytes?

> Maybe someone with experience with unbound (and its logging) could
> help me about where to look?
>
> Any help would be greatly appreciated.

Best regards,
   Wouter

> Hi Mariano,
>
>> Hi,
>>
>> I just compiled and installed ldns 1.6.13 and unbound 1.4.18 on a
>> Debian lenny VM.
>>
>> Since I was getting temporary failures, I raised the log verbosity
>> to 3 and the log (which I add at the end of the message) seems to
>> indicate that queries to the root name server are either not being
>> sent or not being answered…
>>
>> I kinda manually replicated the behavior of the resolver (using
>> dbndns’ dnsq command) in the same machine and got instant responses
>> in every case (copied below the log).
>
> Did you set +dnssec and +cdflag (options for ‘dig’) on the queries you
> tested yourself? If not, your test differed from what unbound does.

Nope… I hadn’t even enabled dnssec 'cause I wanted to test plain old resolution first.

> The answers are bigger with the signatures included. Maybe you have a
> firewall that drops UDP packets bigger than 512 bytes?

That might be… I’ll talk with the firewall guy and check that (and come back next week since I won’t have access to the server until Monday).

Thanx for your help.
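
The difference Wouter describes between a plain query and one sent with +dnssec and +cdflag, built at the wire level so both can be sent from the resolver host and compared. This is an added example, not code from the thread or from unbound; the 4096-byte advertised buffer size and the server address given on the command line are assumptions.

```python
import socket, struct, sys

CD_FLAG = 0x0010   # header bit: checking disabled (dig +cdflag)
DO_FLAG = 0x8000   # bit in the OPT TTL field: DNSSEC OK (dig +dnssec)
TC_FLAG = 0x0200   # header bit: reply was truncated

def build_query(name, qtype, cd=False, do=False, bufsize=None, qid=0x1234):
    """Wire-format query. bufsize=None means no EDNS0, so DO cannot be sent
    and the server must keep its UDP reply within 512 bytes."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, CD_FLAG if cd else 0, 1, 0, 0,
                      0 if bufsize is None else 1)
    msg += qname + struct.pack("!HH", qtype, 1)           # class IN
    if bufsize is not None:
        # OPT RR: root name, type 41, class = UDP size, TTL carries DO, no rdata
        msg += b"\x00" + struct.pack("!HHIH", 41, bufsize, DO_FLAG if do else 0, 0)
    return msg

def advertised_limit(query):
    """Largest UDP reply this query permits, read back from the wire."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if arcount == 0:
        return 512                                         # no OPT record
    return struct.unpack("!H", query[-8:-6])[0]            # OPT class field

def probe(server, query, timeout=3.0):
    """Send over UDP; return (reply_size, truncated) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    flags = struct.unpack("!H", reply[2:4])[0]
    return len(reply), bool(flags & TC_FLAG)

if __name__ == "__main__":
    server = sys.argv[1]                                   # e.g. a root server address
    for label, q in [("plain", build_query(".", 2)),       # type 2 = NS
                     ("dnssec+cd", build_query(".", 2, cd=True, do=True, bufsize=4096))]:
        print(label, "limit", advertised_limit(q), "->", probe(server, q))
```

If the plain query gets a reply and the second one times out from the same host, the path is dropping the larger UDP answer, which matches the firewall explanation above.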