From owner-freebsd-stable@freebsd.org  Tue Mar 15 17:29:54 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FCFFAD0960
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 15 Mar 2016 17:29:54 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id BD9921DBF
 for <freebsd-stable@freebsd.org>; Tue, 15 Mar 2016 17:29:53 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
 by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id u2FHSB8u033615
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Tue, 15 Mar 2016 18:28:12 +0100 (CET)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: abrancatelli@schema31.it
Received: from [10.58.0.10] (dadvw [10.58.0.10])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id u2FHS16o008996
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Wed, 16 Mar 2016 00:28:01 +0700 (KRAT)
 (envelope-from eugen@grosbein.net)
Subject: Re: Problems with unbound
To: Andrea Brancatelli <abrancatelli@schema31.it>,
 =?UTF-8?Q?Trond_Endrest=c3=b8l?= <Trond.Endrestol@fagskolen.gjovik.no>
References: <f7856f2cc504efd0449091308a97f339@schema31.it>
 <alpine.BSF.2.20.1603151338550.1010@mail.fig.ol.no>
 <e7b93ecb3ba1e1213033cabe507b4847@schema31.it>
Cc: freebsd-stable@freebsd.org
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <56E8461D.5020706@grosbein.net>
Date: Wed, 16 Mar 2016 00:27:57 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <e7b93ecb3ba1e1213033cabe507b4847@schema31.it>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM
 autolearn=no version=3.3.2
X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000] *  2.6 LOCAL_FROM From my domains
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2016 17:29:54 -0000

15.03.2016 21:55, Andrea Brancatelli пишет:
> Hi, the machine is connected "directly enough" (it's in a datacenter) to
> safely excude point 1.

Contrary, datacenters are known to have dumb filters dropping
fragmented UDP packets that are essential for DNSSEC,
so the "point 1" is most probable reason.

Please take a look at this article:
https://kb.isc.org/article/AA-01219/0/Refinements-to-EDNS-fallback-behavior-can-cause-different-outcomes-in-Recursive-Servers.html

4th paragraph is probably your case.