On Thu, 16 May 2019, John Levine via Unbound-users wrote:
Date: Thu, 16 May 2019 14:36:27 From: John Levine via Unbound-users <[email protected]> To: [email protected] Subject: Strange failure on XN--MGBA3A4F16A. I'm running unbound 1.9.1 from the FreeBSD package. I have dnssec validation turned on. When I try to look up the XN--MGBA3A4F16A. TLD, after a delay I get SERVFAIL.
Same for unbound 1.8.3, without running a local root. A restart with enabled verbosity to see what's going on, of course worked like a charm :/ Note the TTL is pretty short (1440, did someone confuse MTU for TTL?) Manual checking: # dig ns XN--MGBA3A4F16A. @a.nic.ir. time out # dig ns XN--MGBA3A4F16A. @b.nic.ir. SERVFAIL, # dig ns XN--MGBA3A4F16A. @ir.cctld.authdns.ripe.net. works. I guess unbound's detection, in combination with the short TTL and 2 out of 3 failing servers, is causing this. But in theory, unbound should be able to get a hold of this domain properly..... Paul
