SERVFAIL and resolver

[Kevin Darcy]

ericc122 at my-deja.com wrote:

> Say I have a domain with two name servers authoritative for it. One
> name server is working ok, the other has a problem and returns SERVFAIL
> for any request.
>
> - It it correct that when a client tries to resolve a name in that
> domain, the root servers will hand it a NS record for either name
> server, round robin, so that there's about a 50% chance the resolver
> will query either of my name servers?

If you're talking about a normal "stub" resolver, then it will never talk
to the root servers. Instead, it will talk to whatever nameserver(s) is
configured in its resolver configuration (/etc/resolv.conf on a Unix-like
box). Then that server will do its best to resolve the query (which may
involve talking the root servers, among others), and return an answer to
the client.

> - If the query goes to the broken name server, is that considered a
> final response by the querying resolver, or does it try to query the
> other name server?

See above. Chances are that the client will never talk directly to the
broken server. Nameservers which are trying to resolve these names on
behalf of clients, however, should try the other nameserver if they get a
SERVFAIL from the broken one.

If by some incredible coincidence the client happens to have the broken
nameserver as the first one in its nameserver list, then when it gets the
SERVFAIL it should try the next nameserver in the list (at least, that's
the behavior I am seeing on my Solaris workstation, although I don't see
anything in either the _DNS_and_BIND_ book or the RFC's as to how it's
*supposed* to behave in this situation).


- Kevin