intermittent SERVFAIL on certain domains
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Thu Apr 11 16:58:27 UTC 2002
Mark Frey <am335 at hwcn.org> wrote:
> I've seen SERVFAIL problems on certain domains on and off for quite a
> while on our caching nameserver. I've read discussion here that it
> usually is caused by nameservers for the domain that have errors in
> the data or configuration and that don't return authoritative answers
> but this does not appear to be the case with this domain at this time.
> Re-starting named will fix the problem. Here's some exerpts from
> named_dump.db before and after, and some host queries with the
> recursion flag off. Bind is version 9.2.0.
> While experiencing the problem, named has glue for the brcc.ca NS
> records but no authauthority. After restarting, there is
> authauthority and no glue, and the domain resolves properly.
your RHS of your NS records are CNAME's . That's not allowed.
Use beta.worldchat.com and alpha.worldchat.com instead. Even better
try to find a third NS outside your LAN.
Then your SOA record contains no working contact address ( this will
not make your dns broken but it will make it more difficult to
reach You in case needed, and is against standards)
Your MX record is also referencing a CNAME,which is illegal.
peter h
> Any thoughts on what might have caused this situation? Sorry for the
> long post.
> Mark.
> named returns SERVFAIL on brcc.ca
> Sendmail rejects mail from this domain. From sendmail syslogs:
> reject=451 4.1.8 Domain of sender address x at brcc.ca does not resolve
> # host brcc.ca
> Host brcc.ca not found: 2(SERVFAIL)
> # host -a -r brcc.ca
> Trying "brcc.ca"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57508
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;brcc.ca. IN ANY
> ;; AUTHORITY SECTION:
> brcc.ca. 23991 IN NS ns.worldchat.com.
> brcc.ca. 23991 IN NS ns2.worldchat.com.
> ;; ADDITIONAL SECTION:
> ns.worldchat.com. 96776 IN A 204.138.239.60
> ns2.worldchat.com. 96776 IN A 204.138.239.137
> Received 105 bytes from 127.0.0.1#53 in 243 ms
> Dumped named_dump.db earlier when named was returning SERVFAIL,
> pertinent entries:
> ; glue
> brcc.CA. 32687 NS ns.worldchat.com.
> 32687 NS ns2.worldchat.com.
> ; authauthority
> worldchat.com. 8696 NS ns.worldchat.com.
> 8696 NS ns2.worldchat.com.
> ; authanswer
> 8696 A 204.138.239.60
> ; answer
> NS.worldchat.com. 105472 A 204.138.239.60
> ; answer
> NS2.worldchat.com. 105472 A 204.138.239.137
> Dumped named_dump.db after restarting named and letting sendmail
> resolve brcc.ca:
> ; authauthority
> brcc.ca. 85942 NS ns.worldchat.com.
> 85942 NS ns2.worldchat.com.
> ; authanswer
> 85942 A 204.138.239.60
> # host -a -r brcc.ca a.root-servers.net
> Trying "brcc.ca"
> Using domain server:
> Name: a.root-servers.net
> Address: 198.41.0.4#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10683
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6
> ;; QUESTION SECTION:
> ;brcc.ca. IN ANY
> ;; AUTHORITY SECTION:
> ca. 172800 IN NS CLOUSO.RISQ.QC.ca.
> ca. 172800 IN NS NS2.UUNET.ca.
> ca. 172800 IN NS RELAY.CDNNET.ca.
> ca. 172800 IN NS RS0.NETSOL.COM.
> ca. 172800 IN NS MERLE.CIRA.ca.
> ca. 172800 IN NS NS3.UTORONTO.ca.
> ;; ADDITIONAL SECTION:
> CLOUSO.RISQ.QC.ca. 172800 IN A 192.26.210.1
> NS2.UUNET.ca. 172800 IN A 142.77.1.5
> RELAY.CDNNET.ca. 172800 IN A 192.73.5.1
> RS0.NETSOL.COM. 172800 IN A 216.168.224.206
> MERLE.CIRA.ca. 172800 IN A 64.26.149.98
> NS3.UTORONTO.ca. 172800 IN A 128.100.100.131
> Received 281 bytes from 198.41.0.4#53 in 140 ms
> # host -a -r brcc.ca ns2.uunet.ca
> Trying "brcc.ca"
> Using domain server:
> Name: ns2.uunet.ca
> Address: 142.77.1.5#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36649
> ;; flags: qr ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;brcc.ca. IN ANY
> ;; ANSWER SECTION:
> brcc.ca. 86400 IN NS ns.worldchat.com.
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> ;; AUTHORITY SECTION:
> brcc.ca. 86400 IN NS ns.worldchat.com.
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> ;; ADDITIONAL SECTION:
> ns.worldchat.com. 170859 IN A 204.138.239.60
> ns2.worldchat.com. 170859 IN A 204.138.239.137
> Received 133 bytes from 142.77.1.5#53 in 68 ms
> # host -a -r brcc.ca ns.worldchat.com
> Trying "brcc.ca"
> Using domain server:
> Name: ns.worldchat.com
> Address: 204.138.239.60#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45242
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;brcc.ca. IN ANY
> ;; ANSWER SECTION:
> brcc.ca. 86400 IN MX 5 mail.worldchat.com.
> brcc.ca. 86400 IN NS ns.worldchat.com.
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> brcc.ca. 86400 IN A 204.138.239.60
> brcc.ca. 86400 IN SOA ns.worldchat.com.
> hostmaster.alpha. 2001092001 3600 900 1209600 43200
> ;; AUTHORITY SECTION:
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> brcc.ca. 86400 IN NS ns.worldchat.com.
> Received 190 bytes from 204.138.239.60#53 in 89 ms
> # host -a -r brcc.ca ns2.worldchat.com
> Trying "brcc.ca"
> Using domain server:
> Name: ns2.worldchat.com
> Address: 204.138.239.137#53
> Aliases:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52653
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;brcc.ca. IN ANY
> ;; ANSWER SECTION:
> brcc.ca. 86400 IN SOA ns.worldchat.com.
> hostmaster.alpha. 2001092001 3600 900 1209600 43200
> brcc.ca. 86400 IN NS ns.worldchat.com.
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> brcc.ca. 86400 IN A 204.138.239.60
> brcc.ca. 86400 IN MX 5 mail.worldchat.com.
> ;; AUTHORITY SECTION:
> brcc.ca. 86400 IN NS ns2.worldchat.com.
> brcc.ca. 86400 IN NS ns.worldchat.com.
> Received 190 bytes from 204.138.239.137#53 in 76 ms
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but i'm trying to keep spam out.
Remove "icke-reklam" and it works.
More information about the bind-users
mailing list