SERVFAIL from validating nameservers for advocaat.pro & advocaten.pro
Sam Wilson
Sam.Wilson at ed.ac.uk
Fri Feb 6 10:14:30 UTC 2009
In article <gmg1b7$1q35$1 at sf1.isc.org>,
Mark Andrews <Mark_Andrews at isc.org> wrote:
> In message <Prayer.1.3.1.0902051754210.4908 at hermes-2.csi.cam.ac.uk>, Chris
> Thompson writes:
> > On Feb 5 2009, I wrote:
> >
> > >DLV records for advocaat.pro & advocaten.pro are among the recent
> >additions to dlv.isc.org. Using validating recursive nameservers
> > >running BIND 9.5.1-P1 (configured to trust dlv.isc.org), I get SERVFAILs
> > >looking things up in them, although not consistently. This doesn't
> > >happen with non-validating nameservers.
> > >
> > >I can't work out what is wrong with them. Does anyone else see the
> > >same effect?
> >
> > More info about the "not consistently" bit. With nothing about
> > them in the cache ("rndc flushname advocaat.pro") looking up SOA or
> > NS records for them gives SERVFAIL. But looking up A records does
> > not, and after that SOA and NS lookups work OK as well.
> >
> > Hmmm...
>
> The TLD lies. DNSSEC is doing exactly what it is
> supposed to do and is blocking ibad answers.
This may be coincidence but we had something similar with dell.com
servers for a while yesterday - some of our caching servers would return
SERVFAIL when looking up either a particular name,
premierconfigure.euro.dell.com, or the NS records for dell.com. I was
still baffled when it fixed itself. Did anyone else notice anything
similar?
Sam
More information about the bind-users
mailing list