BIND9 SERVFAIL on some .gov addresses
Ryan Novosielski
novosirj at umdnj.edu
Thu Feb 10 21:54:58 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/10/2011 04:19 PM, Chuck Swiger wrote:
> The adberr count looks like it can only be incremented by two code sections in lib/dns/resolver.c:
>
> if (result != ISC_R_SUCCESS) {
> if (result == DNS_R_ALIAS) {
> /*
> * XXXRTH Follow the CNAME/DNAME chain?
> */
> dns_adb_destroyfind(&find);
> fctx->adberr++;
> }
> }
>
> [ ...and... ]
>
> if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0)
> fctx->lamecount++; /* cached lame server */
> else
> fctx->adberr++; /* unreachable server, etc. */
>
> This implies a connectivity issue between your client and the nyc.gov nameservers, I think.
> But there are local wizards lurking who are much more familiar with the code than I....
I would think so too except another one is dc.gov. It would strike me as
unlikely that I can't reach two .gov sites out of the blue. I sent a
note to our telecomm people too to see if they might see something on
the Firewall.
> For the other example:
>
>> resolver.c:3178 for idphdomain.idph.state.ia.us/MX in 30.000069: timed
>> out/success [domain:idphdomain.
>> idph.state.ia.us,referral:3,restart:4,qrysent:20,timeout:19,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
>
>
> I get no response either. I'd imagine a delegation problem somewhere in the list of domains, although if you poke around, you can find servers which will answer and claim no MX records exist:
OK, thanks -- I did not carefully check other locations for that one.
Good to know that's not just me.
- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1UXrEACgkQmb+gadEcsb4dPQCfcrelZiF8TyT3BBZa1L4ERW7y
oPQAoLSR9pVFn7BBbb9nFfms5+l/MHqR
=pnvt
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novosirj.vcf
Type: text/x-vcard
Size: 301 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110210/8e44f3e9/attachment.vcf>
More information about the bind-users
mailing list