NXDomain with Unbound



  • Does anyone have issues resolving infoblox.com when using unbound as their resolver (no forwarding)? If I setup a domain override and forward the request to 1.1.1.1 then it resolves just fine. Trying to figure out why this is happening and if it's affecting other domains without my knowledge.

    [2.4.5-RELEASE][admin@fw.localdomain]/root: dig infoblox.com

    ; <<>> DiG 9.14.12 <<>> infoblox.com

    ;; global options: +cmd

    ;; Got answer:

    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15937

    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:

    ; EDNS: version: 0, flags:; udp: 512

    ;; QUESTION SECTION:

    ;infoblox.com. IN A

    ;; Query time: 1953 msec

    ;; SERVER: 127.0.0.1#53(127.0.0.1)

    ;; WHEN: Wed Sep 30 10:34:53 PDT 2020

    ;; MSG SIZE rcvd: 41



  • I built a new pfsense virtual appliance from the CE ISO and I get the same issue. Not sure what the deal is here.

    Infoblox.com test

    f6f591e9-0972-4b6a-88c0-8860780fcb8d-image.png

    Microsoft.com test

    59048454-5672-4490-a143-98af55d40e52-image.png



  • As an extra data point, the lookup for infoblox.com fails when run directly on my pfSense box at the shell prompt using dig resolving using unbound. It succeeds on my Microsoft AD domain controller/DNS, but takes a long time to resolve there.

    So something about that particular domain appears to not be working with unbound, the DNS Resolver in pfSense.

    @johnpoz is our resident DNS expert. Perhaps he will drop by with some troubleshooting suggestions.


  • LAYER 8 Global Moderator

    No issues here

    [2.4.5-RELEASE][admin@sg4860.local.lan]/root: dig infoblox.com
    
    ; <<>> DiG 9.14.12 <<>> infoblox.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39044
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;infoblox.com.                  IN      A
    
    ;; ANSWER SECTION:
    infoblox.com.           3568    IN      A       23.185.0.3
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Oct 01 08:05:36 CDT 2020
    ;; MSG SIZE  rcvd: 57
    
    [2.4.5-RELEASE][admin@sg4860.local.lan]/root: 
    

    I would suggest you do a trace..

    [2.4.5-RELEASE][admin@sg4860.local.lan]/root: dig infoblox.com +trace
    
    ; <<>> DiG 9.14.12 <<>> infoblox.com +trace
    ;; global options: +cmd
    .                       6466    IN      NS      a.root-servers.net.
    .                       6466    IN      NS      b.root-servers.net.
    .                       6466    IN      NS      c.root-servers.net.
    .                       6466    IN      NS      d.root-servers.net.
    .                       6466    IN      NS      e.root-servers.net.
    .                       6466    IN      NS      f.root-servers.net.
    .                       6466    IN      NS      g.root-servers.net.
    .                       6466    IN      NS      h.root-servers.net.
    .                       6466    IN      NS      i.root-servers.net.
    .                       6466    IN      NS      j.root-servers.net.
    .                       6466    IN      NS      k.root-servers.net.
    .                       6466    IN      NS      l.root-servers.net.
    .                       6466    IN      NS      m.root-servers.net.
    .                       6466    IN      RRSIG   NS 8 0 518400 20201013050000 20200930040000 46594 . Xu7cjJ+kdiHxSW27+Z3HpwACUprax7seN6Aoa1qhfhY6M82oxBsO0fpX J2XA2grBx/TfsSxwZQOSoW8VQeA4z9iTt5Oac0t5h7iPXfx5vO/+bJpR Fwh87FKUXEtePZrjcbr6a7ULZjzf4NYUZuQ9/7sJ5bNlXS4sOUCp/f+l ZBE2uZ8piKGiF4wafEh3FcBVCWk+UYzjPGfY0BkZ0g8QnPJkmO0KRSDM db1XDjeNITQdqJEE7+t74PkejY+GjiDT3oqvN51e3HTRZYB9BRoWmnlk nOQlIu+qE01HKdf6zTvkmEatDnQ4V/ii0nE5WslKNZpRkrCyN8NH1vjz cnJR7g==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
    com.                    86400   IN      RRSIG   DS 8 1 86400 20201014050000 20201001040000 26116 . Bdl9yw/8Y1O9NDLtYpEV9gyLFtHFuzpSbgioDM6rqmV4f/g6H5RXiJf7 AdAN43FBv5caxG5fnz9b2/zLPyM+wL9U4m5v4nHfvQrwXy8mmYbw+qUI 8l5AhA8PXMo2bXSPdZU2dA4QRK+hmFGL2g/FLxooJ+2rP4Z8+l4irBfI IpvyOjN0IzYezwh6Wq6GDcQh9GHZ0J0mFZQFq8XfMz6KL4XyuPpVQhoe DYuoXTSjbti5GravgDHMZN7xGtO7uXonca2xhlzreIpUtJQbNvk7+O3P OgaVn0IjhxkraXUYc/Tl6yiLX7fTNDytcf4y7lvtoMvNzvVKiNrf2MoB 3sdQ4g==
    ;; Received 1172 bytes from 198.97.190.53#53(h.root-servers.net) in 120 ms
    
    infoblox.com.           172800  IN      NS      ns1.infoblox.com.
    infoblox.com.           172800  IN      NS      ns2.infoblox.com.
    infoblox.com.           172800  IN      NS      ns3.infoblox.com.
    infoblox.com.           172800  IN      NS      ns4.infoblox.com.
    infoblox.com.           172800  IN      NS      ns5.infoblox.com.
    infoblox.com.           172800  IN      NS      ns6.infoblox.com.
    infoblox.com.           86400   IN      DS      33613 5 2 339462CBAEB1773800EA8B688D2CA048FCAB0EB2933A97AEE2B86A9A 212F37C5
    infoblox.com.           86400   IN      DS      33613 5 1 629C2D6C060E2133CD0F4470F3ECC8834DA4FAD6
    infoblox.com.           86400   IN      DS      49879 5 2 605656DB7C9DFE4D8A453C350B3DA63039A78878DA089AD4247AB9A0 D3B43998
    infoblox.com.           86400   IN      DS      49879 5 1 C1DB78AD9A8928CB15A7E0CE9E4468D433F5C638
    infoblox.com.           86400   IN      RRSIG   DS 8 2 86400 20201006050039 20200929035039 24966 com. 0B701Vk+rrbm7GABHxrVTr1ZnWEpbkeFGAlCXRldd+NCTpi6kzIquaXE 7c4hQR4uqSY1jSlcO4OMEUMrBy7ntRZsZX1j4JkOOL8YGvoYlMGVRPg8 alDfOm3iClKdfKlBh6/PsdGVaiZ1OE6IO3TrufajePz5mfs/sDr/Yni7 AzDTLsPzekori+SytpPPWxzjVL0Wa3nMAUaruDtoF2KpuA==
    ;; Received 664 bytes from 192.41.162.30#53(l.gtld-servers.net) in 53 ms
    
    infoblox.com.           30      IN      A       23.185.0.3
    infoblox.com.           30      IN      RRSIG   A 5 2 30 20201004225815 20200930225526 31023 infoblox.com. rs7SYJFiQdkfYUON+HhYAHD0Xh1UVhfZICugqzcVxtq4zGThqxLMn9Ic 38gtV0ZxRz2mkzSF1GAE5pTCqzizb16JXQOiPFJX58DNDhBjpB/nnapm gv8Z6SKb/GTKDxA5pxxeqiwAd6sMcmcdXG/xVzICNY6G20bzE2dcqbG7 SCc=
    infoblox.com.           30      IN      RRSIG   A 5 2 30 20201004225815 20200930225526 51612 infoblox.com. tO7NQDIqZ44fK2WUre9qAgc+xrxn2yHNApuQI3RUIFVDZG2MNrIqgJFc ni5AjW1jtzZKpBTvERZLIvpwSYNxdmAG+swHYy3t4b2cBKAJgFFPzzm3 KTO+83ik392U1+c4nQH3K6UQSDTHX6+fkmrfx10nLYnqEwY/ujdXrKEp IIM=
    ;; Received 429 bytes from 23.99.82.199#53(ns6.infoblox.com) in 70 ms
    
    [2.4.5-RELEASE][admin@sg4860.local.lan]/root: 
    

    To see where it could be failing.. Can you resolve the NS for it? Or find them else where and then do a directed query to one of the 6 of them

    [2.4.5-RELEASE][admin@sg4860.local.lan]/root: dig @207.47.7.140 infoblox.com
    
    ; <<>> DiG 9.14.12 <<>> @207.47.7.140 infoblox.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24568
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 9
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 2cd556808dacc581bfdabf075f75d4ce7b07a330d4a5c8b5 (good)
    ;; QUESTION SECTION:
    ;infoblox.com.                  IN      A
    
    ;; ANSWER SECTION:
    infoblox.com.           30      IN      A       23.185.0.3
    
    ;; AUTHORITY SECTION:
    infoblox.com.           3600    IN      NS      ns5.infoblox.com.
    infoblox.com.           3600    IN      NS      ns1.infoblox.com.
    infoblox.com.           3600    IN      NS      ns4.infoblox.com.
    infoblox.com.           3600    IN      NS      ns3.infoblox.com.
    infoblox.com.           3600    IN      NS      ns6.infoblox.com.
    infoblox.com.           3600    IN      NS      ns2.infoblox.com.
    
    ;; ADDITIONAL SECTION:
    ns4.infoblox.com.       3600    IN      A       207.47.7.139
    ns1.infoblox.com.       3600    IN      A       207.47.7.140
    ns2.infoblox.com.       3600    IN      A       205.234.19.211
    ns3.infoblox.com.       3600    IN      A       205.234.19.10
    ns5.infoblox.com.       3600    IN      A       52.21.154.140
    ns6.infoblox.com.       3600    IN      A       23.99.82.199
    ns2.infoblox.com.       3600    IN      AAAA    2620:10a:6001:fffe::11
    ns3.infoblox.com.       3600    IN      AAAA    2620:10a:6001:fffe::10
    
    ;; Query time: 65 msec
    ;; SERVER: 207.47.7.140#53(207.47.7.140)
    ;; WHEN: Thu Oct 01 08:08:30 CDT 2020
    ;; MSG SIZE  rcvd: 345
    

    From the trace info and the directed query info - lets see what we see, from there depending on that info we can see what direction we need to go into why your failing.

    My guess would be your having problems talking to one of the NS along the path.

    A failure to resolve normally is something in the network connection that prevents you from talking to NS along the path to get to the authoritative NS for that domain.

    Or sometimes something wrong with dnssec.. But that wouldn't return servfail, and if that was the case for infoblox would be funny as shit, since they are in the dns business ;)

    Their 30 second ttl maybe they are in the middle of some sort of transition.. Such a low ttl is just absurd if you ask me without being in the middle of some sort of major change in dns.



  • Here is what I get with a trace direct from my firewall using unbound --

    [2.4.5-RELEASE][admin@firewall.themeeks.net]/root: dig infoblox.com +trace
    
    ; <<>> DiG 9.14.12 <<>> infoblox.com +trace
    ;; global options: +cmd
    .                       7330    IN      NS      m.root-servers.net.
    .                       7330    IN      NS      b.root-servers.net.
    .                       7330    IN      NS      c.root-servers.net.
    .                       7330    IN      NS      d.root-servers.net.
    .                       7330    IN      NS      e.root-servers.net.
    .                       7330    IN      NS      f.root-servers.net.
    .                       7330    IN      NS      g.root-servers.net.
    .                       7330    IN      NS      h.root-servers.net.
    .                       7330    IN      NS      i.root-servers.net.
    .                       7330    IN      NS      a.root-servers.net.
    .                       7330    IN      NS      j.root-servers.net.
    .                       7330    IN      NS      k.root-servers.net.
    .                       7330    IN      NS      l.root-servers.net.
    .                       7330    IN      RRSIG   NS 8 0 518400 20201013170000 20200930160000 46594 . f0NDvvk1VGB5ygfBlYVO+i7TT8ac9V+o1/g1xC2BPvlRljydfOgefJzA sIfW1AIZmjgMIelJgduaW02q0fqNJ6o7V71A9vy2I/CgD8hvFFkZL5fd bCpMnQ8OEmpgTAVcJeGly1vd0xogIOwLKKhjI3FyasLqiUx0ZdSgIxMQ uiIPkvnjPfh9E+8M1gRsQCy5rmki3zNWuUHeo4WP3GDFtR+8DD7tIozy v0wtORuHQPH0a+lCrx4JyHOdjHQFP+/L/qBUe1O+h1buuUImleYMG4HE s0R+Zbf8UMTk/WyPZiZjTb05NM4Wy2+6m/mXdzdeEqLv/Ce7z+JVSuCD mSZQgw==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
    com.                    86400   IN      RRSIG   DS 8 1 86400 20201014050000 20201001040000 26116 . Bdl9yw/8Y1O9NDLtYpEV9gyLFtHFuzpSbgioDM6rqmV4f/g6H5RXiJf7 AdAN43FBv5caxG5fnz9b2/zLPyM+wL9U4m5v4nHfvQrwXy8mmYbw+qUI 8l5AhA8PXMo2bXSPdZU2dA4QRK+hmFGL2g/FLxooJ+2rP4Z8+l4irBfI IpvyOjN0IzYezwh6Wq6GDcQh9GHZ0J0mFZQFq8XfMz6KL4XyuPpVQhoe DYuoXTSjbti5GravgDHMZN7xGtO7uXonca2xhlzreIpUtJQbNvk7+O3P OgaVn0IjhxkraXUYc/Tl6yiLX7fTNDytcf4y7lvtoMvNzvVKiNrf2MoB 3sdQ4g==
    ;; Received 1172 bytes from 193.0.14.129#53(k.root-servers.net) in 32 ms
    
    infoblox.com.           172800  IN      NS      ns1.infoblox.com.
    infoblox.com.           172800  IN      NS      ns2.infoblox.com.
    infoblox.com.           172800  IN      NS      ns3.infoblox.com.
    infoblox.com.           172800  IN      NS      ns4.infoblox.com.
    infoblox.com.           172800  IN      NS      ns5.infoblox.com.
    infoblox.com.           172800  IN      NS      ns6.infoblox.com.
    infoblox.com.           86400   IN      DS      33613 5 2 339462CBAEB1773800EA8B688D2CA048FCAB0EB2933A97AEE2B86A9A 212F37C5
    infoblox.com.           86400   IN      DS      33613 5 1 629C2D6C060E2133CD0F4470F3ECC8834DA4FAD6
    infoblox.com.           86400   IN      DS      49879 5 2 605656DB7C9DFE4D8A453C350B3DA63039A78878DA089AD4247AB9A0 D3B43998
    infoblox.com.           86400   IN      DS      49879 5 1 C1DB78AD9A8928CB15A7E0CE9E4468D433F5C638
    infoblox.com.           86400   IN      RRSIG   DS 8 2 86400 20201006050039 20200929035039 24966 com. 0B701Vk+rrbm7GABHxrVTr1ZnWEpbkeFGAlCXRldd+NCTpi6kzIquaXE 7c4hQR4uqSY1jSlcO4OMEUMrBy7ntRZsZX1j4JkOOL8YGvoYlMGVRPg8 alDfOm3iClKdfKlBh6/PsdGVaiZ1OE6IO3TrufajePz5mfs/sDr/Yni7 AzDTLsPzekori+SytpPPWxzjVL0Wa3nMAUaruDtoF2KpuA==
    couldn't get address for 'ns1.infoblox.com': not found
    couldn't get address for 'ns2.infoblox.com': not found
    couldn't get address for 'ns3.infoblox.com': not found
    couldn't get address for 'ns4.infoblox.com': not found
    couldn't get address for 'ns5.infoblox.com': not found
    couldn't get address for 'ns6.infoblox.com': not found
    dig: couldn't get address for 'ns1.infoblox.com': no more
    

    A direct query with your second example works --

    [2.4.5-RELEASE][admin@firewall.themeeks.net]/root: dig @207.47.7.140 infoblox.com
    
    ; <<>> DiG 9.14.12 <<>> @207.47.7.140 infoblox.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52658
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 9
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: cb9ae6a686d44f96d804fce45f75f6e035fe653e0d474cc4 (good)
    ;; QUESTION SECTION:
    ;infoblox.com.                  IN      A
    
    ;; ANSWER SECTION:
    infoblox.com.           30      IN      A       23.185.0.3
    
    ;; AUTHORITY SECTION:
    infoblox.com.           3600    IN      NS      ns3.infoblox.com.
    infoblox.com.           3600    IN      NS      ns2.infoblox.com.
    infoblox.com.           3600    IN      NS      ns6.infoblox.com.
    infoblox.com.           3600    IN      NS      ns1.infoblox.com.
    infoblox.com.           3600    IN      NS      ns4.infoblox.com.
    infoblox.com.           3600    IN      NS      ns5.infoblox.com.
    
    ;; ADDITIONAL SECTION:
    ns4.infoblox.com.       3600    IN      A       207.47.7.139
    ns1.infoblox.com.       3600    IN      A       207.47.7.140
    ns2.infoblox.com.       3600    IN      A       205.234.19.211
    ns3.infoblox.com.       3600    IN      A       205.234.19.10
    ns5.infoblox.com.       3600    IN      A       52.21.154.140
    ns6.infoblox.com.       3600    IN      A       23.99.82.199
    ns2.infoblox.com.       3600    IN      AAAA    2620:10a:6001:fffe::11
    ns3.infoblox.com.       3600    IN      AAAA    2620:10a:6001:fffe::10
    
    ;; Query time: 81 msec
    ;; SERVER: 207.47.7.140#53(207.47.7.140)
    ;; WHEN: Thu Oct 01 11:33:52 EDT 2020
    ;; MSG SIZE  rcvd: 345
    

    So for some reason my default unbound install does not seem to be able to locate the name servers for infoblox.com.


  • LAYER 8 Global Moderator

    @bmeeks said in NXDomain with Unbound:

    couldn't get address for 'ns1.infoblox.com': not found
    couldn't get address for 'ns2.infoblox.com': not found
    couldn't get address for 'ns3.infoblox.com': not found

    Yeah looks like for whatever reason you didn't get back the NS for infoblox from .com NSs..

    If you see here did a directed query to one of the .com NS and got back response.. Seems that is where your failing.. Trying doing directed query to one of them for the NSs

    $ dig @c.gtld-servers.net infoblox.com NS
    
    ; <<>> DiG 9.16.6 <<>> @c.gtld-servers.net infoblox.com NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57228
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 9
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;infoblox.com.                  IN      NS
    
    ;; AUTHORITY SECTION:
    infoblox.com.           172800  IN      NS      ns1.infoblox.com.
    infoblox.com.           172800  IN      NS      ns2.infoblox.com.
    infoblox.com.           172800  IN      NS      ns3.infoblox.com.
    infoblox.com.           172800  IN      NS      ns4.infoblox.com.
    infoblox.com.           172800  IN      NS      ns5.infoblox.com.
    infoblox.com.           172800  IN      NS      ns6.infoblox.com.
    
    ;; ADDITIONAL SECTION:
    ns1.infoblox.com.       172800  IN      A       207.47.7.140
    ns2.infoblox.com.       172800  IN      A       205.234.19.211
    ns2.infoblox.com.       172800  IN      AAAA    2620:10a:6001:fffe::11
    ns3.infoblox.com.       172800  IN      A       205.234.19.10
    ns3.infoblox.com.       172800  IN      AAAA    2620:10a:6001:fffe::10
    ns4.infoblox.com.       172800  IN      A       207.47.7.139
    ns5.infoblox.com.       172800  IN      A       52.21.154.140
    ns6.infoblox.com.       172800  IN      A       23.99.82.199
    
    ;; Query time: 30 msec
    ;; SERVER: 192.26.92.30#53(192.26.92.30)
    ;; WHEN: Thu Oct 01 10:42:56 Central Daylight Time 2020
    ;; MSG SIZE  rcvd: 301
    

    I would think if your having issues talking to the .com NS you would have lots and lots of stuff failing..



  • @johnpoz,
    Yeah, doing a directed query to gtld.servers.net works. Kind of weird. And my Microsoft AD DNS server can resolve it just fine. Other .com domains resolve fine. Just tested three other common .com domains and they resolve.


  • LAYER 8 Global Moderator

    Well digging a bit deeper they do seem to have a bit of issue, they list their soa as

    SOA     thens.infoblox.com. dns.infoblox.com. 2006564344 10800 1080 1209600 3600
    

    But thens.infoblox.com is not being handed out as NS from the .com NS..

    That could lead to some issues.. Its sometimes done on purpose, but could also be a misconfig, or they may be in the process of changing some stuff... Which could explain the super low 30 second ttls?



  • @johnpoz said in NXDomain with Unbound:

    Well digging a bit deeper they do seem to have a bit of issue, they list their soa as

    SOA     thens.infoblox.com. dns.infoblox.com. 2006564344 10800 1080 1209600 3600
    

    But thens.infoblox.com is not being handed out as NS from the .com NS..

    That could lead to some issues.. Its sometimes done on purpose, but could also be a misconfig, or they may be in the process of changing some stuff... Which could explain the super low 30 second ttls?

    Yeah, I'm thinking maybe it is just something specific to them temporarily. As you say, maybe they are making changes. I was just testing to see if I could reproduce the OP's error, and to my surprise I could.


  • LAYER 8 Global Moderator

    They are one of the major players in dns.. their appliances are used across the globe with some really big players.. I would have to take it they in the process of changing something maybe?

    If not - someone getting fired, if its just a stupid misconfig ;) hehehe


Log in to reply