Servfail When Resolving certain domains

England, Robert (Robert) england at northamerica.exchange.agere.com
Tue Dec 11 12:47:40 UTC 2001 

I totally agree, but I am still trying to understand why the forwarding
works and the standard config. does not?  Trust me I don't want to have to
worry about zone forwarders, and the admin involved. But as a stop gap that
was the only way to get it to work until I fully understand the problem.
Again this is not the only domain I am experiencing problems with. But this
one just so happens to be a visible problem. Some of the others are not as
visible. So understanding why one way work and not the other will help me in
understanding, so that I may send an email off to the admin responsible for
the domains in question.

-Bob

-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com] 
Sent: Monday, December 10, 2001 10:35 PM
To: England, Robert (Robert)
Cc: bind-users at isc.org
Subject: Re: Servfail When Resolving certain domains 

>>>>> "Robert" == England, Robert (Robert)
<england at northamerica.exchange.agere.com> writes:

    Robert> Isn't there a way around this?

Yes. Get the people responsible for the broken delegation to fix it.
That's the only sensible solution. The other approach is to ignore the
lame delegation. They'll soon get the message that something is broken
-- and hopefully fix it! -- whenever they find that nobody is sending
them email or visiting their web site. Think of people with broken
name server setups to be a bit like people with substance abuse
problems: they have to recognise they have a problem before they can
begin to fix it.

    Robert> If I do a 
    Robert> zone "zaiqtech.com" in {
    Robert>     type forward;
    Robert>     forwarders { 206.34.200.2; 206.34.200.3; };
    Robert>     };

    Robert> in our named.conf the mail gets sent and everybody is
    Robert> happy. But I don't want to have to do this for every
    Robert> domain that I find an error for.

... Which is precisely why the above kludge is not a sensible
approach. It's not an acceptable long-term solution. This ugly hack
won't even work if zaiqtech.com renumber their name servers because
your name server would then be forwarding queries for this domain to
the old (and presumably) wrong server addresses. [In fact this is one
of the reasons why a "solution" that involves forwarding is in general
a very bad idea IMO.] OTOH, if they fixed the delegation (as they
should have done inthe first place), you wouldn't need to resort to
ad-hoc unscalable kludges.

More information about the bind-users mailing list