SERVFAIL response for dig but +trace works

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sat Oct 11 00:34:06 UTC 2003 

> Hi folks,  I am in an unfortunate hurry. 
> 
> 
> I have not found the FAQ for this list yet. Is there one?
> 
> I have found the archives and not yet found what I need. 
> 
> The server in question is the "main" server for the FSU.EDU. 
> The good news is that it has only 197 zones. It is running  
> BIND 9.2.2-P3 on a SUN, details follows: uname -a
> SunOS dns1 5.8 Generic_108528-20 sun4u sparc SUNW,Sun-Fire-280R
> 
> fwiw - We have *NOT* activated the "delegation" only options in 
> the named.conf.
> 
> I am seeing a number of domains getting either "SERVFAIL" or
> ";; connection timed out; no servers could be reached" in 
> response to dig.  Suggestions for what "logging" or "debugging"
> options to turn on are invited. I would like to get some 
> handle on "For ow much of the DNS are we getting bad answers?"
> 
> I would like someone to explain the following dig output to me. 
> I do not see the reason the +trace works and the original did not.
> 
> pamd1:~:130$ dig @128.186.6.103 mktrading.org.
> 
> ; <<>> DiG 9.2.2 <<>> @128.186.6.103 mktrading.org.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6312
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mktrading.org.                 IN      A
> 
> ;; Query time: 1 msec
> ;; SERVER: 128.186.6.103#53(128.186.6.103)
> ;; WHEN: Fri Oct 10 16:44:51 2003
> ;; MSG SIZE  rcvd: 31
> 
> pamd1:~:131$ dig @128.186.6.103 mktrading.org. +trace
> 
> ; <<>> DiG 9.2.2 <<>> @128.186.6.103 mktrading.org. +trace
> ;; global options:  printcmd
> .                       276543  IN      NS      D.ROOT-SERVERS.NET.
> .                       276543  IN      NS      E.ROOT-SERVERS.NET.
> .                       276543  IN      NS      F.ROOT-SERVERS.NET.
> .                       276543  IN      NS      G.ROOT-SERVERS.NET.
> .                       276543  IN      NS      H.ROOT-SERVERS.NET.
> .                       276543  IN      NS      I.ROOT-SERVERS.NET.
> .                       276543  IN      NS      J.ROOT-SERVERS.NET.
> .                       276543  IN      NS      K.ROOT-SERVERS.NET.
> .                       276543  IN      NS      L.ROOT-SERVERS.NET.
> .                       276543  IN      NS      M.ROOT-SERVERS.NET.
> .                       276543  IN      NS      A.ROOT-SERVERS.NET.
> .                       276543  IN      NS      B.ROOT-SERVERS.NET.
> .                       276543  IN      NS      C.ROOT-SERVERS.NET.
> ;; Received 356 bytes from 128.186.6.103#53(128.186.6.103) in 2 ms
> 
> org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
> org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
> ;; Received 113 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 24 ms
> 
> MKTRADING.ORG.          172800  IN      NS      NS1.MOOSENET.COM.
> MKTRADING.ORG.          172800  IN      NS      NS2.MOOSENET.COM.
> ;; Received 92 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 33 ms
> 
> mktrading.org.          43200   IN      A       216.98.140.253
> mktrading.org.          43200   IN      NS      ns2.aspadmin.com.
> mktrading.org.          43200   IN      NS      ns3.aspadmin.com.
> mktrading.org.          43200   IN      NS      ns1.aspadmin.com.
> ;; Received 161 bytes from 216.98.155.52#53(NS1.MOOSENET.COM) in 89 ms


	The nameservers do not exist.  Only glue records exist in
	the COM servers.

	On top of that the delegation needs to be updated.

	Mark

; <<>> DiG 8.3 <<>> NS1.MOOSENET.COM aaaa 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;	NS1.MOOSENET.COM, type = AAAA, class = IN

;; AUTHORITY SECTION:
MOOSENET.COM.		2h59m27s IN SOA  NS1.MOOSENET.COM. scott.MOOSENET.COM. (
					1018238558	; serial
					12H		; refresh
					2H		; retry
					2W		; expiry
					12H )		; minimum


;; Total query time: 1 msec
;; FROM: bsdi.dv.isc.org to SERVER: default -- 127.0.0.1
;; WHEN: Sat Oct 11 10:27:41 2003
;; MSG SIZE  sent: 34  rcvd: 76


; <<>> DiG 8.3 <<>> NS2.MOOSENET.COM aaaa 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;	NS2.MOOSENET.COM, type = AAAA, class = IN

;; AUTHORITY SECTION:
MOOSENET.COM.		3H IN SOA	ns1.MOOSENET.COM. scott.MOOSENET.COM. (
					1018238558	; serial
					12H		; refresh
					2H		; retry
					2W		; expiry
					12H )		; minimum


;; Total query time: 206 msec
;; FROM: bsdi.dv.isc.org to SERVER: default -- 127.0.0.1
;; WHEN: Sat Oct 11 10:29:18 2003
;; MSG SIZE  sent: 34  rcvd: 80

> 
> Thanks for getting all the way through the message, Ken
> -- 
>  ---------------------------------------------------------------------
>  Kenneth M. Hays                                hays at acns.fsu.edu 
>  Academic Computing and Network Services        aka kmh8 at the NIC
>  Florida State University                       voice=850-644-2591x129
>  2035 East Paul Dirac Drive                     fax=850-644-8722
>  Tallahassee, Florida 32306-2760                eFax=773-913-0894
>  ---------------------------------------------------------------------
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list