SERVFAIL?!

Michael Voight mvoight at cisco.com
Wed Aug 18 20:28:03 UTC 1999


Additionally, if you do not have your reverse domains set up correctly,
DNS queries are going to go to the internet to resolve PTR records
whenever someone connects to a server.

Michael

Jim Reid wrote:
> 
> >>>>> "David" == David Brueckmann <brueckmann at mycontrol.de> writes:
> 
>     David> I have a customer with a mailserver (sendmail) connected
>     David> via dialup running.
> 
>     David> I need the forwarders because these are the only
>     David> nameservers this machine can reach.
> 
> Hmm. Forwarding isn't usually a good idea with a dial-up link, but if
> that's all they've got......
> 
>     David> The problem is: Sometimes (every 4-5 days) there are many
>     David> entries like
> 
>     David> named[130]: sysquery: findns error (SERVFAIL) on
>     David> mailin01.btx.dtag.de?
> 
>     David> in my syslog and the machine dials up about 40 times per
>     David> day.
> 
>     David> What is the problem?
> 
> The "findns error" means that your name server was unable to find any
> name servers for the btx.dtag.de or maybe the dtag.de domains. [I'm
> assuming that the .de name servers haven't vanished from the net.] Use
> host or dig or nslookup - I can't be bothered - to find the NS records
> for these domains and then resolve them to IP addresses. Then query
> those IP addresses for stuff in the btx.dtag.de or dtag.de domains.
> [Asking them for the MX and/or A records for mailin01.btx.dtag.de
> would seem to be worthwhile.] This should identify where the broken
> delegation occurred. These NS records either point at unresolvable
> names or else they resolve to A records which don't run name servers
> for one of the two domains.
> 
> Since your name server can't find name servers for these domains,
> lookups for mailin01.btx.dtag.de fail. This might cause sendmail to
> queue the mail and retry the delivery later. So the next time the
> mail queue is run, sendmail looks up mailin01.btx.dtag.de, gets a
> SERVFAIL error, and queues it again. That could explain 40 or so error
> messages in the log. Or perhaps something at the customer's site is
> trying to send 40 or so mail messages to mailin01.btx.dtag.de every 4
> or 5 days....
> 
> To fix this, you need to find the broken delegation and get the
> hostmaster for that domain to fix it so that the world can look up
> mailin01.btx.dtag.de successfully. It might also be possible to change
> sendmail so that SERVFAIL errors from the DNS cause mail to be
> bounced. There's bound to be an option somewhere in sendmail.cf to
> switch this off or on. This might reduce the number of messages in the
> logs.
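
The delegation check described in the quoted reply, written out as a script. This is an added example, not part of the original thread: it lists a zone's NS records, resolves each one, and asks each address directly for the zone's SOA. The `DIG` override and the status labels are conventions of this example; run it for both `dtag.de` and `btx.dtag.de`.

```shell
#!/bin/sh
# Added example: trace a zone's delegation with dig, as the reply describes.
# DIG can be overridden with a stub for offline runs (this example's convention).
DIG=${DIG:-dig}

# check_delegation ZONE
# Prints "<ns> <address> <status>" per listed server; returns 1 if any is broken.
#   UNRESOLVABLE  the NS name has no A record
#   NO_ANSWER     nothing came back from that address
#   LAME          it answered, but not authoritatively with the zone's SOA
#   OK            authoritative (aa flag) answer containing the SOA
check_delegation() {
    zone=$1
    rc=0
    # sed drops dig's ";; ..." diagnostics so they are not read as names
    nslist=$($DIG +short NS "$zone" | sed '/^;/d')
    if [ -z "$nslist" ]; then
        echo "$zone - NO_NS_RECORDS"
        return 1
    fi
    for ns in $nslist; do
        addrs=$($DIG +short A "$ns" | sed '/^;/d')
        if [ -z "$addrs" ]; then
            echo "$ns - UNRESOLVABLE"
            rc=1
            continue
        fi
        for ip in $addrs; do
            # Ask the listed server itself, without recursion
            hdr=$($DIG +norecurse +noall +comments +time=3 +tries=1 \
                  SOA "$zone" "@$ip" 2>/dev/null) || true
            case $hdr in
                *status:*)
                    if printf '%s\n' "$hdr" |
                       grep -q 'flags:[^;]* aa[ ;].*ANSWER: [1-9]'; then
                        st=OK
                    else
                        st=LAME; rc=1
                    fi ;;
                *)  st=NO_ANSWER; rc=1 ;;
            esac
            echo "$ns $ip $st"
        done
    done
    return $rc
}

if [ "$#" -gt 0 ]; then check_delegation "$1"; fi
```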

