Package: unbound
Version: 1.4.10-1
Severity: normal

I've noticed this on my home router, which has a fairly fresh dnsmasq. Apparently, unbound can't resolve through this and just SERVFAILs for everything. Obviously, this is primarily a problem in dnsmasq (I assume). But since dnsmasq is in tons of home routers and unbound uses forwarding by default in Debian, I think it's important to have a workaround in place.
I think a good solution would be for unbound to detect when it can't reliably resolve through one of the forwarding hosts and stop using it, falling back to normal recursion if they all end up being dropped. Ideally, this would happen before the user experiences lookup failures, for example by immediately resolving a bunch of well-known hosts after adding new forwarders, so that they will already be dropped with a high probability if they are broken. Until this type of workaround is in place, I would suggest disabling resolvconf forwarders by default, or putting out a clear warning "This might kill your DNS, stop the unbound daemon if you can't resolve anything anymore."
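The forwarder check proposed in the report, sketched as an added example; it is not part of the original report and not unbound's code. The function names, the probe names, the `min_ok` threshold and the injectable `send` transport are all assumptions made for illustration.

```python
import socket
import struct

PROBE_NAMES = ["example.com", "example.org", "example.net"]  # assumed probe set


def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal recursive DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def probe_ok(query, reply):
    """Header-only check: matching ID, QR bit set, RCODE NOERROR, at least one answer.

    A SERVFAIL (RCODE 2), a timeout (None) or a truncated packet all count as failure.
    """
    if reply is None or len(reply) < 12:
        return False
    qid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    same_id = qid == struct.unpack("!H", query[:2])[0]
    return same_id and bool(flags & 0x8000) and (flags & 0x000F) == 0 and ancount > 0


def udp_send(server, query, timeout=2.0):
    """Send one query to an IPv4 forwarder on UDP port 53; None on timeout or error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recv(4096)
        except OSError:
            return None


def usable_forwarders(forwarders, send=udp_send, names=PROBE_NAMES, min_ok=2):
    """Return the forwarders that answered at least min_ok probes.

    An empty result means every forwarder was dropped, which is the point
    where the report suggests falling back to normal recursion.
    """
    keep = []
    for fwd in forwarders:
        ok = sum(probe_ok(q, send(fwd, q)) for q in map(build_query, names))
        if ok >= min_ok:
            keep.append(fwd)
    return keep
```

Running the probes right after the forwarder list changes, as the report suggests, lets a broken forwarder be dropped before the first user lookup fails.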