Problem with 8.3.3 and SERVFAIL.

Greg Prosser gregp at blackened.net
Tue Jul 9 03:18:31 UTC 2002 


Feel free to thwack me with a cluebat if this is a stupid question, but I 
have an issues with 8.3.3 that is "fixed" by downgrading to 8.2.x.  I 
haven't narrowed down the bug any farther than that.  Obviously, for 
security reasons, I'd like to use the newest version but this bug breaks 
customers, so I don't really have a choice.

Example of bug:

dig @ns domain.com

The dig output shows a 10M ttl.  So, I try in 10M, and sure enough, I get 
an answer back with TTL 0.  All good so far.  If I try again, though, 
rather than returning another answer with a new TTL of ten minutes (as 
you'd expect to happen if the cache has expired, and bind has to go fetch 
an answer again), bind returns SERVFAIL and continues to do so until named 
is restarted.

8.2.x seems unaffected by this, and responds with the correct answer after 
it expires.

I used a private server, since the one I was working on is far too busy, 
and saw the following with -d 9 and -f on the command line:

[... output from last working query for the information, showing TTL 0]
datagram from [censored-dns-client-ip].1599, fd 20, len 29
ns_req(from [censored-dns-client-ip].1599)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      censored-example-domain.com, type = A, class = IN
XX+/censored-dns-client-ip/censored-example-domain.com/A/IN
req: nlookup(censored-example-domain.com) id 4 type=1 class=1
req: found 'censored-example-domain.com' as 'censored-example-domain.com' 
(cname=0)
stale: ttl 1026179251 -1 (x2)
stale: ttl 1026179251 -1 (x2)
stale: ttl 1026179251 -1 (x2)
delete_all(0x81070a0:"censored-example-domain" IN A)
rm_datum(812d9fc, 810f030, 810f060, 0) -> 812da20
rm_datum(812da20, 810f030, 810f060, 0) -> 8138000
wanted(0x810f030, IN A) [IN NS]
wanted(0x810f060, IN A) [IN NS]
wanted(0x8138000, IN A) [IN SOA]
findns: np 0x81070a0 'censored-example-domain'
findns: 2 NS's added for 'censored-example-domain'
ns_forw()
qnew(0x812e368)
find_zone(censored-example-domain.com, 1)
find_zone: unknown zone
find_zone(com, 1)
find_zone: unknown zone
find_zone(., 1)
find_zone: existing zone 1
nslookup(nsp=0xbfbfda1c, qp=0x812e368, "censored-example-domain.com", d=0)
nslookup: NS "NS1.censored-example-domain.com" c=1 t=2 (flags 0x2)
nslookup: NS "NS2.censored-example-domain.com" c=1 t=2 (flags 0x2)
nslookup: 0 ns addrs total
ns_forw: query(censored-example-domain.com) No possible A RRs
forw: nslookup reports danger
ns_freeqry(0x812e368)
ns_req: answer -> [censored-dns-client-ip].1599 fd=20 id=4 size=29 rc=2
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      censored-example-domain.com, type = A, class = IN
[.. repeated output with further queries]

I've censored my client IP and the domains name, as I don't want my client 
freaking out getting 934234 queries from list members.  I can provide it 
off-list if someone wants to offer debug help.

Help?

(Please CC: replies to me as I'm not on the list)

-gnp

More information about the bind-users mailing list