Greetings unbounders,
I occasionally need to look up an A record for which one of the
authoritative nameservers is lame: mail.opusnet.com
Unbound seems to accept the referral from the lame nameserver as
final, rather than trying the others:
$ ping mail.opusnet.com
ping: Cannot resolve "mail.opusnet.com" (No address associated with name)
Is that intentional? Maybe I'm misunderstanding the behavior.
Thanks,
Richard.
Richard Doty wrote:
Greetings unbounders,
I occasionally need to look up an A record for which one of the
authoritative nameservers is lame: mail.opusnet.comUnbound seems to accept the referral from the lame nameserver as
final, rather than trying the others:$ ping mail.opusnet.com
ping: Cannot resolve "mail.opusnet.com" (No address associated with name)Is that intentional? Maybe I'm misunderstanding the behavior.
This is not intentional. Most lame servers give different responses. I
added a new case to the lameness detection.
For an authority server that responds with noerror/nodata, no SOA in
authority, no AA bit, and an NS record pointing to the zone itself, this
is now treated as a lame server instead of an answer.
Thank you for the report.
A fix for the issue is in unbound svn trunk r1111.
Best regards,
~ Wouter