Paul Wouters wrote: > On Sun, 6 Sep 2009, Leen Besselink wrote: > >>>> $ dig +short +norec @l.gtld-servers.net. ns2.titan.net. >>>> 64.13.134.59 >>>> >>>> Hope this was helpful. >>> >>> Are you sure you dont just have different settings for harden-glue >>> or harden-referral-path? See if you can see the same difference >>> when resolving an NS record for www.rbc.com (a site known to be >>> reachable through trusting glue) > >> Changing those settings doesn't matter a thing. You can try those >> domains on your recursive DNS, if you like. :-) > > Well, for me both ns1.titan.net. and ns2.titan.net, which are NS for > both titan.net and insecure.org are unreachable. Both are in the same > /24 too. I guess Fyodor needs a DNS admin :P >
That's Fyodor's problem luckily. :-) > I'd still still you were seeing some caching on one instance of unbound > that the other instance just did not have. > The one just talks to the powerdns-recursors, I think that's the difference. I get the same behaviour when talking directly to them, as I do below. > Paul > I just installed powerdns-recursor on my desktop to test it and it works when I do: dig @127.0.0.1 nmap.org ns (although it times out the first time) it will show the titan-nameservers as the nameservers for nmap.org. That's the difference I'm talking about. This is the powerdns-recursor (with an empty cache): $ dig @127.0.0.1 nmap.org ns ; <<>> DiG 9.5.1-P2 <<>> @127.0.0.1 nmap.org ns ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64235 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;nmap.org. IN NS ;; Query time: 3604 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Sep 6 19:11:16 2009 ;; MSG SIZE rcvd: 26 $ dig @127.0.0.1 nmap.org ns ; <<>> DiG 9.5.1-P2 <<>> @127.0.0.1 nmap.org ns ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37573 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;nmap.org. IN NS ;; ANSWER SECTION: nmap.org. 86390 IN NS ns1.titan.net. nmap.org. 86390 IN NS ns2.titan.net. ;; ADDITIONAL SECTION: ns2.titan.net. 172790 IN A 64.13.134.59 ns1.titan.net. 172790 IN A 64.13.134.58 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Sep 6 19:11:22 2009 ;; MSG SIZE rcvd: 103 This is unbound with or without an empty cache: $ dig @172.20.1.1 nmap.org ns ; <<>> DiG 9.5.1-P2 <<>> @172.20.1.1 nmap.org ns ; (1 server found) ;; global options: printcmd ;; connection timed out; no servers could be reached Do you see what I mean with a diffence in behaviour. :-) _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
