unbound
unbound-host -dvr -c CH -t TXT version.bind requires priming
Describe the bug
A clear and concise description of what the bug is. It seems unbound-host cannot be used to query classic chaos records, like version.bind or hostname.bind. Unbound supports them, but I have not found a simple way to use unbound-host to query those.
It first tries priming CH NS ., which would likely be refused even by unbound.
To reproduce
Steps to reproduce the behavior:
- unbound-host -dvr -c CH -t TXT version.bind
Expected behavior
A clear and concise description of what you expected to happen. Should get version from server if possible. Should not require priming CH . NS, especially when -r is passed and priming should not be required.
System:
- Unbound version: unbound-1.22.0-14.fc43.x86_64
- OS: Fedora 43 (rawhide)
unbound -V output:
Version 1.22.0
Configure line: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/bin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --runstatedir=/run --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-pythonmodule --with-pyunbound PYTHON=/usr/bin/python3 --enable-dnstap --enable-systemd --with-libnghttp2 --with-libhiredis --enable-cachedb --with-libevent --with-pthreads --with-ssl --disable-rpath --disable-static --enable-relro-now --enable-pie --enable-subnet --enable-ipsecmod --with-conf-file=/etc/unbound/unbound.conf --with-share-dir=/usr/share/unbound --with-pidfile=/run/unbound/unbound.pid --enable-sha2 --disable-gost --enable-ecdsa --with-rootkey-file=/var/lib/unbound/root.key --with-username=unbound --enable-linux-ip-local-port-range --with-dynlibmodule
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.5.0 8 Apr 2025
Linked modules: dns64 python dynlib cachedb ipsecmod subnetcache respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues
Additional information
Add any other information that you may have gathered about the issue here.
Actually happens:
# unbound-host -vdr -c ch -t txt .
[1747246851] libunbound[2372:0] notice: init module 0: subnetcache
[1747246851] libunbound[2372:0] notice: init module 1: validator
[1747246851] libunbound[2372:0] notice: init module 2: iterator
[1747246851] libunbound[2372:0] info: resolving . TXT CH
[1747246851] libunbound[2372:0] info: priming . CH NS
Host . not found: 5(REFUSED). (error)
# dig +short ch txt version.bind
"unbound 1.22.0"
The unbound-host program does not support querying for version.bind and similar CH records. The 'streamtcp' tool in unbound can do this: ./streamtcp -u -f 192.0.2.38 version.bind. TXT CH, for example.
The '-c' option was created to be able to set the class for the full resolver. The resolver then cannot do anything with it, because it has no root hints for that class. But the resolver function has the parameter, so this is why the option exists. It is not for querying debug TXT records. Specifying the class for the full resolver has no real use, since there are no resolution hints for the other class, but it was added for completeness.
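The direct, single-server query that dig and streamtcp perform for version.bind, as an added example that is not part of this thread or of the Unbound code base: it builds the TXT CH query on the wire and parses either the TXT answer or the REFUSED rcode, with no root hints or priming involved. The function names and the sample response bytes are constructed for illustration.

```python
import socket
import struct

QTYPE_TXT, QCLASS_CH = 16, 3  # TXT record type, CHAOS class

def build_query(name, qid=0x1234):
    """Wire-format query for <name> TXT CH, RD bit clear (no recursion asked)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt_answers(msg):
    """Return (rcode, [txt strings]) from the answer section of a response."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    texts = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == QTYPE_TXT and rclass == QCLASS_CH and rdata:
            n = rdata[0]                 # each TXT string is length-prefixed
            texts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    return flags & 0xF, texts

def query_server(server, name="version.bind", timeout=3.0):
    """Send the query over UDP to one server; the caller names the server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_txt_answers(s.recvfrom(4096)[0])

# Constructed sample responses (not captured traffic): an answer and a REFUSED.
_Q = build_query("version.bind")[12:]
SAMPLE_ANSWER = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _Q +
                 b"\xc0\x0c" + struct.pack("!HHIH", 16, 3, 0, 15) +
                 b"\x0eunbound 1.22.0")
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + _Q
```

Calling `query_server` against your own resolver shows what it discloses to any client allowed to query it; an rcode of 5 corresponds to the REFUSED result in the report above.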