unbound: unbound client not returning A record that is valid with every other dns client, hex and binary output from server with analysis provided
dig works
```
dig ispapp.co A
; <<>> DiG 9.10.6 <<>> ispapp.co A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53695
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ispapp.co. IN A
;; ANSWER SECTION:
ispapp.co. 3000 IN A 66.29.154.119
;; Query time: 399 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Dec 04 03:46:39 +10 2022
;; MSG SIZE rcvd: 54
```
nslookup works
```
nslookup ispapp.co
Server: 172.16.32.1
Address: 172.16.32.1#53
Non-authoritative answer:
Name: ispapp.co
Address: 66.29.154.119
```
Unbound does not work https://unboundtest.com/m/A/ispapp.co/RHSOZCYC
About this issue
- State: closed
- Created 2 years ago
- Comments: 17 (3 by maintainers)
Commits related to this issue
- removed invalid ad and cd flags, validated header output at bit level, cleaned comments — committed to andrewhodel/node-named by andrewhodel 2 years ago
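
The related commit above mentions removing invalid ad and cd flags and validating the header at bit level. The following is an added example, not code from node-named or from this issue, of that kind of check: it decodes the 12-byte DNS header and compares a response against its query. The function names are hypothetical, the sample bytes are constructed from the header fields in the dig output above, and the lint assumes a server that performs no DNSSEC validation.

```javascript
// Added example: bit-level decode of the fixed 12-byte DNS header
// (RFC 1035 section 4.1.1; AD and CD bits as defined in RFC 4035).
function parseDnsHeader(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 12) {
    throw new RangeError('a DNS header needs at least 12 bytes');
  }
  const flags = buf.readUInt16BE(2);
  const bit = (n) => (flags >> n) & 1;
  return {
    id: buf.readUInt16BE(0),
    qr: bit(15), opcode: (flags >> 11) & 0xf,
    aa: bit(10), tc: bit(9), rd: bit(8), ra: bit(7),
    z: bit(6), ad: bit(5), cd: bit(4), rcode: flags & 0xf,
    qdcount: buf.readUInt16BE(4), ancount: buf.readUInt16BE(6),
    nscount: buf.readUInt16BE(8), arcount: buf.readUInt16BE(10),
  };
}

// Hypothetical lint: compare a response header with the query that caused it.
// Assumption: the responding server does not validate DNSSEC, so AD must be 0.
function lintResponse(queryBuf, responseBuf) {
  const q = parseDnsHeader(queryBuf);
  const r = parseDnsHeader(responseBuf);
  const problems = [];
  if (r.qr !== 1) problems.push('QR=0: message is not marked as a response');
  if (r.id !== q.id) problems.push('ID does not match the query');
  if (r.rd !== q.rd) problems.push('RD was not copied from the query');
  if (r.z !== 0) problems.push('reserved Z bit is set');
  if (r.ad === 1) problems.push('AD=1 from a server that does not validate');
  if (r.cd !== q.cd) problems.push('CD was not copied from the query');
  return problems;
}

// Constructed samples (headers only). id 53695 = 0xd1bf.
// QUERY: flags 0x0100 (rd). GOOD: flags 0x8180 (qr rd ra), as in the dig output.
// BAD: the same response with AD and CD also set (0x81b0).
const QUERY = Buffer.from('d1bf01000001000000000001', 'hex');
const GOOD = Buffer.from('d1bf81800001000100000001', 'hex');
const BAD = Buffer.from('d1bf81b00001000100000001', 'hex');

console.log(parseDnsHeader(GOOD));
console.log('good:', lintResponse(QUERY, GOOD));
console.log('bad: ', lintResponse(QUERY, BAD));
```
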
Yeah, but in this case it’s a feature, see https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#unbound-conf-private-address and I understand why Let’s Encrypt is using it.
My main point is: Unboundtest.com is not a generic service where anyone can test how a typical unbound instance will behave. This service is providing a highly specialized instance and if you use this service to test your DNS infrastructure for example, you should be aware of that (which I wasn’t until I found your issue).