Friday, September 20, 2024

unbound(8) + host(1) + AAAA-only issue

I am seeing a weird result on some OpenBSD 7.5 stable amd64 systems:

The servers are running a local unbound(8) and /etc/resolv.conf is configured to use 127.0.0.1.
$ cat /etc/resolv.conf
nameserver 127.0.0.1
lookup file bind
$

/var/unbound/etc/unbound.conf is almost default. Only the listening addresses and access limitations have been modified. Name resolution generally works fine on the hosts.

I have a DNS hostname, call it test.example.dynv6.net, for which only an AAAA record exists. The authoritative name servers don't use DNSSEC.

Results:
$ host test.example.dynv6.net
Host test.example.dynv6.net not found: 2(SERVFAIL)
$

$ dig +short test.example.dynv6.net aaaa
2001:db8::dead:beaf
$

But for a different hostname (on a different domain, different nameservers, again with only an AAAA record, no A record, no DNSSEC), host(1) returns the IPv6 address as expected.

Both host(1) and dig(1) should be using the local unbound(8).

So why isn't host(1) showing the IPv6 address for test.example.dynv6.net? Is this a bug in host(1) or am I doing something wrong?

How can I debug this to find the root cause?


I have added »log-servfail: yes« to /var/unbound/etc/unbound.conf and /var/log/daemon shows entries such as these, when the problem happens:
Sep 20 10:23:03 xxx unbound: [70725:0] error: SERVFAIL <test.example.dynv6.net. A IN>: all servers for this domain failed, at zone dynv6.net. from 95.216.144.82 nodata answer
Sep 20 10:24:10 xxx unbound: [70725:0] error: SERVFAIL <test.example.dynv6.net. A IN>: all servers for this domain failed, at zone dynv6.net. from 2a01:4f8:1c1c:4c96:: nodata answer

So the problem seems to happen when host(1) tries to resolve the IPv4 address. Apparently once it fails it does not try to resolve the IPv6 address?


Thanks!
Mike
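
One way to read the log-servfail output quoted above, as an added example that is not part of the original post: a small sh/awk filter that tallies unbound SERVFAIL entries by name, query type, zone and upstream, so it is visible at a glance which query type is failing. The field layout is assumed from the two log lines in the post; the function names and the third sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise unbound "log-servfail: yes" syslog lines.
# Field layout inferred from the two log lines quoted in the post.

servfail_summary() {
    # stdin: syslog lines; stdout: "count qname qtype zone upstream detail"
    awk '
    / unbound: .*error: SERVFAIL </ {
        # The query sits between "<" and ">": qname, qtype, qclass
        lt = index($0, "<"); gt = index($0, ">")
        if (lt == 0 || gt < lt) next
        n = split(substr($0, lt + 1, gt - lt - 1), q, " ")
        if (n < 2) next
        rest = substr($0, gt + 1)
        zone = "-"; from = "-"; detail = "-"
        # Optional tail: "at zone <zone> from <addr> <detail ...>"
        if (match(rest, /at zone [^ ]+/))
            zone = substr(rest, RSTART + 8, RLENGTH - 8)
        if (match(rest, /from [^ ]+/)) {
            from = substr(rest, RSTART + 5, RLENGTH - 5)
            detail = substr(rest, RSTART + RLENGTH + 1)
            if (detail == "") detail = "-"
            gsub(/ /, "_", detail)
        }
        count[q[1] " " q[2] " " zone " " from " " detail]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

failed_types() {
    # $1: name with trailing dot; stdin: servfail_summary output
    # stdout: the distinct query types that hit SERVFAIL for that name
    awk -v name="$1" '$2 == name { print $3 }' | sort -u | paste -sd ' ' -
}

sample_log() {
    # First two lines are from the post; the last two are constructed.
    cat <<'EOF'
Sep 20 10:23:03 xxx unbound: [70725:0] error: SERVFAIL <test.example.dynv6.net. A IN>: all servers for this domain failed, at zone dynv6.net. from 95.216.144.82 nodata answer
Sep 20 10:24:10 xxx unbound: [70725:0] error: SERVFAIL <test.example.dynv6.net. A IN>: all servers for this domain failed, at zone dynv6.net. from 2a01:4f8:1c1c:4c96:: nodata answer
Sep 20 10:25:31 xxx unbound: [70725:0] error: SERVFAIL <test.example.dynv6.net. A IN>: all servers for this domain failed, at zone dynv6.net. from 95.216.144.82 nodata answer
Sep 20 10:26:00 xxx constructed: unrelated line that must be ignored
EOF
}

# On a live host: servfail_summary < /var/log/daemon
sample_log | servfail_summary
```

If `failed_types` lists only `A` for the name, the AAAA lookup itself is not what unbound is rejecting, which matches the observation that dig returns the address.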
