SERVFAIL issues
Frank Bulk
frnkblk at iname.com
Thu Jan 15 23:57:10 UTC 2009
http://marc.info/?l=bind-users&m=122239920822324&w=2
http://marc.info/?l=bind-users&m=122243068905656&w=2
We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced
and have had intermittent issues with SERVFAIL problems for some DSL modems
that don't properly fail over to a secondary DNS server. A packet capture
showed that certain domains would result in a SERVFAIL, and once that domain
was identified, if we did a dig against it we had the same result. We've
had to stop and start the named service about half a dozen times this fall
to resolve the issue.
We upgraded to 9.5.0-P2 in early November, hoping that this issue would be
resolved. But today we experienced the problem again. A customer couldn't
query a site, although everything seemed correct. I captured all their
traffic and the trace showed that the DNS server was issuing a SERVFAIL. I
stopped and then started named and immediately all was well. Since we
sometimes reload named when adding/modifying domains, or at other times use
rndc, I'm not sure if that "cleared" things up such that this is the first
time I recall having this problem in 2 months.
Is this intermittent SERVFAIL issue resolved in 9.5.1-P1?
Frank
More information about the bind-users
mailing list