intermittent SERVFAIL for high visible domains such as *.google.com

Brian J. Murrell brian at interlinx.bc.ca
Mon Jan 22 13:22:21 UTC 2018 

On Mon, 2018-01-22 at 12:04 +0000, Tony Finch wrote:
> 
> The thing to look out for is the minutes before the outage starts -
> see
> what kind of failures you get.

So, taking this approach, looking for the first occurrence of just any
one of the names ns[1-4].google.com prior to the A/AAAA queries that
are in http://brian.interlinx.bc.ca/named.run.log starting at:

19-Jan-2018 18:04:50.785 createfetch: ns1.google.com A

(which end up resulting in the SERVFAIL for www.google.com/IN/A) the
first previous occurrence of just any one of those names is:

19-Jan-2018 17:48:59.122 resquery 0x7f10102ecd50 (fctx 0x7f10102e5dc0(lh4.ggpht.com/AAAA)): response
19-Jan-2018 17:48:59.122 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:   3024
;; flags: qr cd; QUESTION: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lh4.ggpht.com.                 IN      AAAA

;; AUTHORITY SECTION:
ggpht.com.              172800  IN      NS      ns2.google.com.
ggpht.com.              172800  IN      NS      ns1.google.com.
ggpht.com.              172800  IN      NS      ns3.google.com.
ggpht.com.              172800  IN      NS      ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20180124054922 20180117043922 46967 com. pjslTFtda4UfkpJtO9rbVmzSRQ+JslWRuBl/r0tkeyX4nBA8wjOIQjCH DJl+C6CA8TMW
lO9dfx5ZHM2s59N/XfQG3fp2N68bf3rhSp5OwUEVy205 6LMbiiW7wjp0MEQOGorvf29kS6ApuZHGOseP5HQrAIBO4XxZvomAPME+ Q1c=
FGFB71PIIJ5JUGA7GFUQ06ANFUVDRKBA.com. 86400 IN NSEC3 1 1 0 - FGFGQ2SH7LNK03PV0R76S8B47TPVJK59 NS DS RRSIG
FGFB71PIIJ5JUGA7GFUQ06ANFUVDRKBA.com. 86400 IN RRSIG NSEC3 8 2 86400 20180125052147 20180118041147 46967 com. DkAophVbTjntmUtcj2HIiigTv5yxlNuTIAGWgXY+W9QhAJp4UUYpqxOe jmyxVEUtfYqS
3ANVWz7EI+ucYS1CE8UKuWUx4eGAz8F/YbN/KA5cvxWO SEqri5Lg3W2MjiB/DXXFI/WrnmuLPNIQdDZD2H1lQ56CTUAL0pPpDby9 788=

;; ADDITIONAL SECTION:
ns2.google.com.         172800  IN      A       216.239.34.10
ns1.google.com.         172800  IN      A       216.239.32.10
ns3.google.com.         172800  IN      A       216.239.36.10
ns4.google.com.         172800  IN      A       216.239.38.10

I realize this query result has nothing to do with www,google.com, but
it is the first occurrence of just any of the names ns[1-4].google.com
prior to the start of the subsequent SERFAIL processing that starts at
18:04:50.785 and it's more than 10 minutes prior to the SERVFAIL.

That seems to indicate that nothing at all to do with any of the names
ns[1-4].google.com happens for more than 10 minutes before a SERVFAIL
is returned for www.google.com right?  Nothing at all happens that
could result in a any of those names being lame, right?

Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180122/76be40c9/attachment.bin>

More information about the bind-users mailing list