Response change to NODATA for some ANY queries since 1.12, tested on 1.16.1 #823
Comments
The issue seems to stem from the new default that turns on aggressive-nsec. What was wrong was that the server used aggressive NSEC information to disprove, with a nodata answer, the query of type ANY. The information is from the negative cache, built up with the type A query. The fix changes it so that type ANY queries do not receive nodata answers from the negative cache. The default for this has been changed since 1.12, and this is why, I guess, the issue is now observable. Thanks for the report!
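The mechanism described in the comment above, as an added example (a simplified Python model, not Unbound's code). The cached NSEC bitmap for `br.` is constructed sample data, and `answer_from_negcache` and its `skip_any` flag are hypothetical names used only to contrast the two behaviours.

```python
# Simplified model of NODATA synthesis from a cached NSEC (aggressive NSEC, RFC 8198).
# Illustration only: not Unbound's implementation; names and data are assumptions.
A, NS, SOA, RRSIG, NSEC, DNSKEY, ANY = 1, 2, 6, 46, 47, 48, 255

def encode_bitmap(types):
    """Encode RR types as an NSEC type bitmap (RFC 4034, section 4.1.2)."""
    windows = {}
    for t in types:
        block = windows.setdefault(t >> 8, bytearray(32))
        block[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
    out = bytearray()
    for win in sorted(windows):
        block = bytes(windows[win]).rstrip(b"\x00")  # trailing zero octets are omitted
        out += bytes([win, len(block)]) + block
    return bytes(out)

def bitmap_has(bitmap, rtype):
    """True if rtype is marked as present in the NSEC type bitmap."""
    i = 0
    while i + 2 <= len(bitmap):
        win, length = bitmap[i], bitmap[i + 1]
        block = bitmap[i + 2:i + 2 + length]
        if win == rtype >> 8:
            idx = (rtype & 0xFF) >> 3
            return idx < len(block) and bool(block[idx] & (0x80 >> (rtype & 7)))
        i += 2 + length
    return False

# Constructed sample: NSEC for "br." left in the negative cache by an earlier "br. A" query.
NEG_CACHE = {"br.": encode_bitmap({NS, SOA, RRSIG, NSEC, DNSKEY})}

def answer_from_negcache(qname, qtype, skip_any):
    """Return "NODATA" if the negative cache answers the query, else "RECURSE"."""
    bitmap = NEG_CACHE.get(qname)
    if bitmap is None:
        return "RECURSE"            # no cached denial for this name
    if skip_any and qtype == ANY:
        return "RECURSE"            # behaviour the fix describes: never NODATA for ANY
    if bitmap_has(bitmap, qtype):
        return "RECURSE"            # the type exists, so the NSEC denies nothing
    # The type is absent from the bitmap. ANY is a meta-type that is never listed
    # there, so without the check above it is "disproved" like any missing type.
    return "NODATA"

if __name__ == "__main__":
    for label, skip in (("without ANY check", False), ("with ANY check", True)):
        print(label, {n: answer_from_negcache("br.", t, skip) for n, t in (("A", A), ("ANY", ANY))})
```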
* nlnet/master:
- Improve documentation for NLnetLabs#826, describe the large collisions amount.
Changelog note and documentation for NLnetLabs#826
- Merge NLnetLabs#826: Add a metric about the maximum number of collisions in lrushah.
add a metric about the maximum number of collisions in lrushah
Code repository continues with version 1.17.2.
- Fix python version detection in configure.
- Fix python module install path detection.
Changelog note for 1.17.1rc2 fix.
- Fix wildcard in hyperlocal zone service degradation, reported by Sergey Kacheev. This fix is included in 1.17.1rc2.
- Fix wildcard in hyperlocal zone service degradation, reported by Sergey Kacheev.
- Fix NLnetLabs#823: Response change to NODATA for some ANY queries since 1.12, tested on 1.16.1.
Changelog note for tag for 1.17.1rc1.
- Tag for 1.17.1 release.
Add Mastodon link
Add Mastodon
- Update github workflows to use checkout v3.
- Fix windows compile for libunbound subprocess reap comm point closes.
Describe the bug
Behavior change in the response from certain TLDs noticed between 1.12 and 1.16.1: when querying ".br" with ANY, for example, it now returns NODATA. The SOA is moved to the authority section from the answer. It appears that unbound is 'fixing' the answer and moving the SOA to the authority section and then caching it. This is a divergence in response behavior and doesn't match other providers, for example: https://dns.google/resolve?name=br&type=ANY&do=true or
To reproduce
Steps to reproduce the behavior:
dig br. -t A
dig br. -t ANY
Expected behavior
A clear and concise description of what you expected to happen.
unbound 1.12
unbound 1.16.1
logs from 1.16.1
System:
unbound -V
output:
Additional information
Add any other information that you may have gathered about the issue here.