SERVFAIL for some domains on some servers
Oliver Henriot
Oliver.Henriot at imag.fr
Tue Mar 2 09:58:03 UTC 2010
Dear Stéphane,
In his great wisdom, Stephane Bortzmeyer wrote, on 01/03/10 11:44:
> On Sat, Feb 27, 2010 at 06:51:44PM +0100,
> Oliver Henriot<Oliver.Henriot at imag.fr> wrote
> a message of 104 lines which said:
>
>> but my computing skills are scarce and I still have a lot to learn.
>
> For instance, that you should always use real names
> <http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames>
Thanks for the info. Corrected in my reply to Sten Carlsen's message.
#joke mode on: If you have any questions concerning global tectonics and
space geodesy, ask me; for computing, ask someone else.#joke mode off
>
>> - servers "2", "3" and "4" : slaves for my domain, recursion allowed for
>> all, official resolvers for my clients, same configuration on all 3.
>
> Bad setup: you should really completely separate authoritative and
> recursive services.
No doubt. As soon as I have the time I'll follow your guidelines
(http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html and
http://www.afnic.fr/actu/nouvelles/general/NN20060404) I read a while ago.
>
>> Setup is DiG 9.3.6-P1 on CentOS 5.4.
>
> That's a very old version.
Yes, but it's the one packaged in CentOS and unfortunately I don't have
the time or the leisure to maintain hand built versions yet.
>
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37397
>
> And the log?
I log severity info (which is pretty general) for these categories:
category default { general-log; default_syslog; };
category security { security-log; default_syslog; };
category config { config-log; default_syslog; };
category client { client-log; default_syslog; };
category config { config-log; default_syslog; };
category client { client-log; default_syslog; };
category notify { notify-log; default_syslog; };
category xfer-in { xfer-log; default_syslog; };
category xfer-out { xfer-log; default_syslog; };
category lame-servers { null; };
(I tried logging lame servers and gave up...)
but nothing shows up when carrying out the failed request. I even tried
debug level and it gave nothing when I did:
dig www.labanquepostale.fr @129.88.30.10
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.labanquepostale.fr @129.88.30.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35429
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.labanquepostale.fr. IN A
;; Query time: 1513 msec
;; SERVER: 129.88.30.10#53(129.88.30.10)
;; WHEN: Tue Mar 2 10:51:46 2010
;; MSG SIZE rcvd: 40
Thanks for your help (and for your work on DNS in general).
Best regards,
Oliver
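
Added illustration, not part of the original message and not anyone's actual configuration: the layout discussed above (slaves that also recurse for everyone) next to a split into an authoritative-only instance and a resolver limited to client networks. The zone name, ACL name and all addresses are placeholders; the three sections are separate named.conf files, shown together for comparison.

```conf
// Added example; all names and addresses are placeholders (RFC 5737 ranges).

// --- BEFORE: one named instance is both slave and resolver for everyone ---
options {
    recursion yes;
    allow-recursion { any; };          // open resolver: anyone can recurse
};
zone "example.org" {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/example.org";
};

// --- AFTER, instance 1: authoritative only (named.conf on 192.0.2.2) ---
options {
    listen-on { 192.0.2.2; };
    recursion no;                      // never resolves on behalf of clients
    allow-query { any; };              // the zone itself stays public
    allow-transfer { none; };          // slaves do not hand the zone onward
};
zone "example.org" {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/example.org";
};

// --- AFTER, instance 2: resolver only (named.conf on 198.51.100.53) ---
acl "clients" { 198.51.100.0/24; localhost; };
options {
    listen-on { 198.51.100.53; };
    recursion yes;
    allow-recursion { "clients"; };    // only our own networks may recurse
    allow-query { "clients"; };        // outsiders get no answers from cache
};
// No slave or master zones are defined on the resolver instance.
```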