[Pkg-dns-devel] Bug#859337: Bug#859337: unbound: 1.6.0-3 breaks resolving deb.debian.org

[Julien Cristau]

On 04/02/2017 10:07 AM, Robert Edmonds wrote:
> Julien Cristau wrote:
>> Package: unbound
>> Version: 1.6.0-3
>> Severity: grave
>>
>> Hi,
>>
>> after upgrading from 1.6.0-2 to 1.6.0-3 unbound can't seem to be able to
>> resolve deb.debian.org.  Upping the verbosity I get the feeling it's
>> alternating between querying deb.debian.org DS and static.debian.org DS,
>> never going up to debian.org DS.  Downgrading makes things work again.
>>
>> Apr  2 15:49:55 tomate unbound: [685:0] info: resolving deb.debian.org. A IN
>> Apr  2 15:49:55 tomate unbound: [685:0] info: resolving deb.debian.org. A IN
>> Apr  2 15:49:55 tomate unbound: [685:0] info: resolving deb.debian.org.
>> DS IN
>> Apr  2 15:49:56 tomate unbound: [685:0] info: response for
>> deb.debian.org. DS IN
>> Apr  2 15:49:56 tomate unbound: [685:0] info: reply from <.> 4.2.2.1#53
> 
> Hi, Julien:
> 
> Are you forwarding queries to 4.2.2.1?
> 
Looks like it's in the domain-name-servers dhcp option on this network,
so yes (through dnssec-trigger).

> Could you send your unbound.conf and any conf.d files and I'll try to
> replicate the problem?
> 
unbound.conf says
include: "/etc/unbound/unbound.conf.d/*.conf"

The entries in unbound.conf.d set "qname-minimisation: yes" and
"auto-trust-anchor-file: "/var/lib/unbound/root.key""

And then dnssec-trigger sets the forwarding.

Cheers,
Julien