The zone absolight.net (signed and published in ISC DLV) puzzles me. Some requests SERVFAIL but not others:
% dig ANY ns1.absolight.net. ... ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33316 % dig ANY ns2.absolight.net. ... ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19901 ... ns2.absolight.net. 86245 IN A 80.245.57.153 % dig A ns1.absolight.net. ... ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13932 ... ns1.absolight.net. 86400 IN A 79.143.240.129 The problem is DNSSEC-related since, if I add +cd, it works: % dig +cd ANY ns1.absolight.net. ... ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59487 ... ns1.absolight.net. 3420 IN RRSIG NSEC 5 3 3600 20090714212355 20090614212355 11595 absolight.net. 34zDPJjCt/H072EJd/54dydJV1xyXVMUHvyrfzrrqEBH/EX3JsqEk46Q embiOCOBUt1Rg/17LAJ96lYte556B2jjSOGH2jBkAki8X9feJNj4HIHP ULPCHsYYyw74ZFCK ns1.absolight.net. 3420 IN NSEC ns1-6.absolight.net. A AAAA RRSIG NSEC ns1.absolight.net. 86187 IN AAAA 2a01:678:100:53::53 ... I admit I do not understand why a A requests work and not an ANY request. If I restart Unbound, *other* names in the zone fail and those which failed now work. BIND has no problem with this zone. Unbound 1.2.0 and 1.3.0, Debian/Linux. All the tests have been done with dlv.isc.org enabled. _______________________________________________ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
