Bugzilla – Bug 1437
unbound not returning A/AAAA record on NS query
Last modified: 2017-09-19 11:02:56 CEST
"example.com NS sub.example.com.", "sub.example.com A 10.1.1.1"
when i query ns record , we dont get A record in additional section
# dig @10.17.9.250 example.com ns
; <<>> DiG 9.10.3-P4 <<>> @10.17.9.250 example.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29207
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 10 IN NS sub.example.com.
;; Query time: 21 msec
;; SERVER: 10.17.9.250#53(10.17.9.250)
;; WHEN: Fri Aug 18 13:40:20 PDT 2017
;; MSG SIZE rcvd: 80
actually we are using 5-6 year old code base. we have used unbound as a service so did changes regarding how we interact with unbound hence we cant update the code. Not sure if its working in latest or not.
This is not part of the spec for DNS to return that record. It is sometimes included. But not always, the answer you see here is the minimal answer. It is smaller and that is why.
If you want that A record, you can perform a lookup for sub.example.com. A. And also sub.example.com. AAAA (if it is reachable over IPv6).
Unbound has a minimal-responses option (that you can try to turn off if it is turned on). But unbound actually also gets this from the upstream data, that may deliver this answer in this manner. They choose to enable minimal responses, and thus unbound has a minimal response for this query.
Best regards, Wouter