Forwarding knot through knot
This happens with a knot resolver in my office omnia. It is configured to forward queries through the office resolver, which is AFAIK also knot resolver (there should have been multiple resolvers with only one of the knot, but it seems I get only the knot one from DNS). Resolving some names fails sometimes (but for quite a some time in a row, maybe until something in a cache times out). This is the verbose log from resolving feedproxy.google.com:
2017-03-30T11:16:04+02:00 info kresd[8301]: [ 0][plan] plan 'feedproxy.google.com.' type 'A'
2017-03-30T11:16:04+02:00 info kresd[8301]: [63233][iter] 'feedproxy.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:04+02:00 info kresd[8301]: [63233][plan] plan 'com.' type 'DS'
2017-03-30T11:16:04+02:00 info kresd[8301]: [16629][iter] 'com.' type 'DS' id was assigned, parent id 63233
2017-03-30T11:16:04+02:00 info kresd[8301]: [16629][plan] plan '.' type 'DNSKEY'
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][iter] '.' type 'DNSKEY' id was assigned, parent id 16629
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][resl] => querying: '172.20.20.53' score: 1425 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][iter] <= rcode: NOERROR
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][vldr] <= parent: updating DNSKEY
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][vldr] <= answer valid, OK
2017-03-30T11:16:04+02:00 info kresd[8301]: [10395][resl] <= server: '172.20.20.53' rtt: 2 ms
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][iter] 'com.' type 'DS' id was assigned, parent id 63233
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][resl] => querying: '172.20.20.53' score: 1425 zone cut: '.' m12n: 'COM.' type: 'DS' proto: 'udp'
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][iter] <= rcode: NOERROR
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][vldr] <= DS: OK
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][vldr] <= parent: updating DS
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][vldr] <= answer valid, OK
2017-03-30T11:16:04+02:00 info kresd[8301]: [54019][resl] <= server: '172.20.20.53' rtt: 1 ms
2017-03-30T11:16:04+02:00 info kresd[8301]: [45673][iter] 'feedproxy.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:04+02:00 info kresd[8301]: [45673][plan] plan 'google.com.' type 'DS'
2017-03-30T11:16:04+02:00 info kresd[8301]: [ 3820][iter] 'google.com.' type 'DS' id was assigned, parent id 45673
2017-03-30T11:16:04+02:00 info kresd[8301]: [ 3820][plan] plan 'com.' type 'DNSKEY'
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][iter] 'com.' type 'DNSKEY' id was assigned, parent id 3820
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][resl] => querying: '172.20.20.53' score: 1425 zone cut: 'com.' m12n: 'CoM.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][iter] <= rcode: NOERROR
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][plan] plan 'com.' type 'DS'
2017-03-30T11:16:04+02:00 info kresd[8301]: unsigned_forward: next cutname: com.
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][resl] <= server: '172.20.20.53' rtt: 50 ms
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][iter] 'com.' type 'DS' id was assigned, parent id 33271
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][ rc ] => satisfied from cache
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][iter] <= rcode: NOERROR
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][vldr] <= DS: OK
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][vldr] <= parent: updating DS
2017-03-30T11:16:04+02:00 info kresd[8301]: [54301][vldr] <= answer valid, OK
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][resl] => resuming yielded answer
2017-03-30T11:16:04+02:00 info kresd[8301]: [33271][vldr] <= bad keys, broken trust chain
2017-03-30T11:16:04+02:00 info kresd[8301]: [ 0][resl] finished: 8, queries: 3, mempool: 32784 B
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 0][plan] plan '.' type 'DNSKEY'
2017-03-30T11:16:05+02:00 info kresd[8301]: [28015][iter] '.' type 'DNSKEY' id was assigned, parent id 0
2017-03-30T11:16:05+02:00 info kresd[8301]: [28015][ rc ] => satisfied from cache
2017-03-30T11:16:05+02:00 info kresd[8301]: [28015][iter] <= rcode: NOERROR
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 0][resl] finished: 4, queries: 1, mempool: 98328 B
2017-03-30T11:16:05+02:00 info kresd[8301]: [ ta ] key: 19036 state: Valid
2017-03-30T11:16:05+02:00 info kresd[8301]: [ ta ] new state of root trust anchors:
2017-03-30T11:16:05+02:00 info kresd[8301]: . 8785 DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
2017-03-30T11:16:05+02:00 info kresd[8301]: [ ta ] next refresh in 1.2201388888889 hours
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 0][plan] plan '.' type 'NS'
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 7352][iter] '.' type 'NS' id was assigned, parent id 0
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 7352][resl] >< TA: '.'
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 7352][plan] plan '.' type 'DNSKEY'
2017-03-30T11:16:05+02:00 info kresd[8301]: [43666][iter] '.' type 'DNSKEY' id was assigned, parent id 7352
2017-03-30T11:16:05+02:00 info kresd[8301]: [43666][ rc ] => satisfied from cache
2017-03-30T11:16:05+02:00 info kresd[8301]: [43666][iter] <= rcode: NOERROR
2017-03-30T11:16:05+02:00 info kresd[8301]: [43666][vldr] <= parent: updating DNSKEY
2017-03-30T11:16:05+02:00 info kresd[8301]: [43666][vldr] <= answer valid, OK
2017-03-30T11:16:05+02:00 info kresd[8301]: [10260][iter] '.' type 'NS' id was assigned, parent id 0
2017-03-30T11:16:05+02:00 info kresd[8301]: [10260][resl] => querying: '172.20.20.53' score: 30 zone cut: '.' m12n: '.' type: 'NS' proto: 'udp'
2017-03-30T11:16:05+02:00 info kresd[8301]: [10260][iter] <= rcode: NOERROR
2017-03-30T11:16:05+02:00 info kresd[8301]: [10260][vldr] <= answer valid, OK
2017-03-30T11:16:05+02:00 info kresd[8301]: [10260][resl] <= server: '172.20.20.53' rtt: 2 ms
2017-03-30T11:16:05+02:00 info kresd[8301]: [ 0][resl] finished: 4, queries: 2, mempool: 81936 B
2017-03-30T11:16:09+02:00 info kresd[8301]: [ 0][plan] plan 'clients1.google.com.' type 'A'
2017-03-30T11:16:09+02:00 info kresd[8301]: [45271][iter] 'clients1.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:09+02:00 info kresd[8301]: [45271][resl] => querying: '172.20.20.53' score: 20 zone cut: '.' m12n: 'cLieNtS1.GOoGlE.cOM.' type: 'A' proto: 'udp'
2017-03-30T11:16:09+02:00 info kresd[8301]: [45271][iter] <= rcode: NOERROR
2017-03-30T11:16:09+02:00 info kresd[8301]: [45271][iter] <= cname chain, following
2017-03-30T11:16:09+02:00 info kresd[8301]: [ 0][plan] plan 'clients.l.google.com.' type 'A'
2017-03-30T11:16:09+02:00 info kresd[8301]: [45271][resl] <= server: '172.20.20.53' rtt: 1 ms
2017-03-30T11:16:09+02:00 info kresd[8301]: [23888][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:09+02:00 info kresd[8301]: [23888][plan] plan 'com.' type 'DS'
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][iter] 'com.' type 'DS' id was assigned, parent id 23888
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][ rc ] => satisfied from cache
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][iter] <= rcode: NOERROR
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][vldr] <= DS: OK
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][vldr] <= parent: updating DS
2017-03-30T11:16:09+02:00 info kresd[8301]: [43960][vldr] <= answer valid, OK
2017-03-30T11:16:09+02:00 info kresd[8301]: [ 4318][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:09+02:00 info kresd[8301]: [ 4318][plan] plan 'google.com.' type 'DS'
2017-03-30T11:16:09+02:00 info kresd[8301]: [24637][iter] 'google.com.' type 'DS' id was assigned, parent id 4318
2017-03-30T11:16:09+02:00 info kresd[8301]: [24637][plan] plan 'com.' type 'DNSKEY'
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][iter] 'com.' type 'DNSKEY' id was assigned, parent id 24637
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][resl] => querying: '172.20.20.53' score: 1425 zone cut: 'com.' m12n: 'CoM.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][iter] <= rcode: NOERROR
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][plan] plan 'com.' type 'DS'
2017-03-30T11:16:09+02:00 info kresd[8301]: unsigned_forward: next cutname: com.
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][resl] <= server: '172.20.20.53' rtt: 26 ms
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][iter] 'com.' type 'DS' id was assigned, parent id 29474
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][ rc ] => satisfied from cache
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][iter] <= rcode: NOERROR
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][vldr] <= DS: OK
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][vldr] <= parent: updating DS
2017-03-30T11:16:09+02:00 info kresd[8301]: [34556][vldr] <= answer valid, OK
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][resl] => resuming yielded answer
2017-03-30T11:16:09+02:00 info kresd[8301]: [29474][vldr] <= bad keys, broken trust chain
2017-03-30T11:16:09+02:00 info kresd[8301]: [ 0][resl] finished: 8, queries: 3, mempool: 16392 B
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 0][plan] plan 'clients1.google.com.' type 'A'
2017-03-30T11:16:14+02:00 info kresd[8301]: [29412][iter] 'clients1.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:14+02:00 info kresd[8301]: [29412][ rc ] => satisfied from cache
2017-03-30T11:16:14+02:00 info kresd[8301]: [29412][iter] <= rcode: NOERROR
2017-03-30T11:16:14+02:00 info kresd[8301]: [29412][iter] <= cname chain, following
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 0][plan] plan 'clients.l.google.com.' type 'A'
2017-03-30T11:16:14+02:00 info kresd[8301]: [46179][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:14+02:00 info kresd[8301]: [46179][plan] plan 'com.' type 'DS'
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][iter] 'com.' type 'DS' id was assigned, parent id 46179
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][ rc ] => satisfied from cache
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][iter] <= rcode: NOERROR
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][vldr] <= DS: OK
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][vldr] <= parent: updating DS
2017-03-30T11:16:14+02:00 info kresd[8301]: [54991][vldr] <= answer valid, OK
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 3451][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 3451][plan] plan 'google.com.' type 'DS'
2017-03-30T11:16:14+02:00 info kresd[8301]: [36008][iter] 'google.com.' type 'DS' id was assigned, parent id 3451
2017-03-30T11:16:14+02:00 info kresd[8301]: [36008][plan] plan 'com.' type 'DNSKEY'
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][iter] 'com.' type 'DNSKEY' id was assigned, parent id 36008
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][resl] => querying: '172.20.20.53' score: 1425 zone cut: 'com.' m12n: 'CoM.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][iter] <= rcode: NOERROR
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][plan] plan 'com.' type 'DS'
2017-03-30T11:16:14+02:00 info kresd[8301]: unsigned_forward: next cutname: com.
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][resl] <= server: '172.20.20.53' rtt: 26 ms
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][iter] 'com.' type 'DS' id was assigned, parent id 8037
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][ rc ] => satisfied from cache
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][iter] <= rcode: NOERROR
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][vldr] <= DS: OK
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][vldr] <= parent: updating DS
2017-03-30T11:16:14+02:00 info kresd[8301]: [43881][vldr] <= answer valid, OK
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][resl] => resuming yielded answer
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 8037][vldr] <= bad keys, broken trust chain
2017-03-30T11:16:14+02:00 info kresd[8301]: [ 0][resl] finished: 8, queries: 3, mempool: 16392 B
2017-03-30T11:16:15+02:00 info kresd[8301]: [ 0][plan] plan 'clients1.google.com.' type 'A'
2017-03-30T11:16:15+02:00 info kresd[8301]: [41593][iter] 'clients1.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:15+02:00 info kresd[8301]: [41593][ rc ] => satisfied from cache
2017-03-30T11:16:15+02:00 info kresd[8301]: [41593][iter] <= rcode: NOERROR
2017-03-30T11:16:15+02:00 info kresd[8301]: [41593][iter] <= cname chain, following
2017-03-30T11:16:15+02:00 info kresd[8301]: [ 0][plan] plan 'clients.l.google.com.' type 'A'
2017-03-30T11:16:15+02:00 info kresd[8301]: [16320][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:15+02:00 info kresd[8301]: [16320][plan] plan 'com.' type 'DS'
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][iter] 'com.' type 'DS' id was assigned, parent id 16320
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][ rc ] => satisfied from cache
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][iter] <= rcode: NOERROR
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][vldr] <= DS: OK
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][vldr] <= parent: updating DS
2017-03-30T11:16:15+02:00 info kresd[8301]: [60563][vldr] <= answer valid, OK
2017-03-30T11:16:15+02:00 info kresd[8301]: [26491][iter] 'clients.l.google.com.' type 'A' id was assigned, parent id 0
2017-03-30T11:16:15+02:00 info kresd[8301]: [26491][plan] plan 'google.com.' type 'DS'
2017-03-30T11:16:15+02:00 info kresd[8301]: [59455][iter] 'google.com.' type 'DS' id was assigned, parent id 26491
2017-03-30T11:16:15+02:00 info kresd[8301]: [59455][plan] plan 'com.' type 'DNSKEY'
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][iter] 'com.' type 'DNSKEY' id was assigned, parent id 59455
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] => querying: '172.20.20.53' score: 1425 zone cut: 'com.' m12n: 'Com.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] => querying: '2001:1488:fffe:20::53' score: 1425 zone cut: 'com.' m12n: 'Com.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] => querying: '172.20.20.53' score: 1425 zone cut: 'com.' m12n: 'Com.' type: 'DNSKEY' proto: 'udp'
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][iter] <= rcode: NOERROR
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][plan] plan 'com.' type 'DS'
2017-03-30T11:16:15+02:00 info kresd[8301]: unsigned_forward: next cutname: com.
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] <= server: '172.20.20.53' rtt: 278 ms
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] <= server: '2001:1488:fffe:20::53' rtt: >=178 ms
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][iter] 'com.' type 'DS' id was assigned, parent id 59858
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][ rc ] => satisfied from cache
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][iter] <= rcode: NOERROR
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][vldr] <= DS: OK
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][vldr] <= parent: updating DS
2017-03-30T11:16:15+02:00 info kresd[8301]: [26125][vldr] <= answer valid, OK
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][resl] => resuming yielded answer
2017-03-30T11:16:15+02:00 info kresd[8301]: [59858][vldr] <= bad keys, broken trust chain
The unbound on the old turris router seems to suffer the same thing, therefore I guess something is wrong with the upstream (office-wide) resolver.