SERVFAIL

[Jim Reid]

>>>>> "Fabiola" == Fabiola Caceres <fabiola at infi.net> writes:

    Fabiola> Hi, I just update one of my name servers to Bind 8.2.3
    Fabiola> ns3.infi.net I have 2 more secondaries running bind 4.9.7
    Fabiola> which do not get the error.  This is the error I get in
    Fabiola> the new system:

    Fabiola> May 15 17:25:28 ns3.infi.net named[287]: [ID 295310 daemon.info] sysquery: findns error (SERVFAIL) on mx03.mindspring.com? 
    Fabiola> May 15 17:25:28 ns3.infi.net named[287]: [ID 295310 daemon.info] sysquery: nlookup error on ?

    Fabiola> I found in the mailing list the following solution: "find
    Fabiola> the broken delegation and get the hostmaster for that
    Fabiola> domain to fix it so that the world can lookup
    Fabiola> mailin01.btx.dtag.de successfully" But 
    Fabiola> why I do not get this error in my other secondaries?

Your slave (secondary) servers are running old name server code which
is more tolerant of illegal and broken zone files. They've probably
still got illegal glue for mailin01.btx.dtag.de which was zapped by
the master server when you upgraded it to 8.2.3.

If you have a firewall, it might be preventing the 8.2.3 server's
lookups. By default a BIND[89] server uses a random, unprivileged port
for querying other name servers. BIND4 servers alwas sent these from
port 53. Maybe you have a router that's only letting queries out and
replies back if the source and destination port numbers are 53? The
second error message you showed indicates your BIND8 server can't find
the root servers. That could be because of the firewall problem above
or else the server's been misconfigured with an incorrect hints file
for the root zone. If your server can't find the root servers, it
won't be able to resolve any non-local names.