[SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
Shaoquan Lin
lin at ccny.cuny.edu
Fri Feb 18 20:54:58 UTC 2011
Ryan,
Have you solved your problem? I have similar problems. I run BIND 9.6..1-P3 on my Solaris 10 and cannot resolve anything in the domain nyc.gov. One thing I noticed is: BIND 9.3 sends a query to b.gov-servers.net with no Additional records and gets a response with A records for the nyc.gov NS servers in the Additional records; but BIND 9.6 sends a query with a type OPT Additional record and gets a response that also has a type OPT record but no A records in the Additional records. So BIND 9.6 cannot find the IP addresses of the nyc.gov NS servers and therefore cannot resolve anything in that domain. Using the options "max-udp-size 512" and "edns-udp-size 512" does not solve the problem.
The following is what I captured. Does anyone have any suggestions to solve the problem?
Shaoquan Lin
BIND 9.3 query:
Domain Name System (query)
Transaction ID: 0x94ca
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
vwall4a.nyc.gov: type A, class IN
Name: vwall4a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
BIND 9.3 response:
Domain Name System (response)
Transaction ID: 0x94ca
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 4
Additional RRs: 4
Queries
vwall4a.nyc.gov: type A, class IN
Name: vwall4a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall1a.nyc.gov
nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall2a.nyc.gov
nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall3a.nyc.gov
nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall4a.nyc.gov
Additional records
vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3
Name: vwall1a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 161.185.1.3
vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12
Name: vwall2a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 161.185.1.12
vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12
Name: vwall3a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 167.153.130.12
vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13
Name: vwall4a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 167.153.130.13
BIND 9.6 query:
Domain Name System (query)
Transaction ID: 0x6427
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
vwall4a.nyc.gov: type A, class IN
Name: vwall4a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
BIND 9.6 response:
Domain Name System (response)
Transaction ID: 0x6427
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 6
Additional RRs: 1
Queries
vwall4a.nyc.gov: type A, class IN
Name: vwall4a.nyc.gov
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall1a.nyc.gov
nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall2a.nyc.gov
nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall3a.nyc.gov
nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
Name: nyc.gov
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: vwall4a.nyc.gov
rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN
Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
Type: Unknown (50)
Class: IN (0x0001)
Time to live: 1 day
Data length: 35
Data
rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN
Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
Type: RRSIG (RR signature)
Class: IN (0x0001)
Time to live: 1 day
Data length: 279
Type covered: Unknown (50)
Algorithm: Unknown (0x07)
Labels: 2
Original TTL: 1 day
Signature expiration: Feb 22, 2011 05:00:22.000000000
Time signed: Feb 17, 2011 05:00:22.000000000
Id of signing key(footprint): 47602
Signer's name: gov
Signature
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 1472
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
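The symptom in the captures above (an EDNS0 query with the DO bit set, answered by a referral whose Additional section holds only the OPT record) can be checked mechanically on a raw DNS message. The following is an added example, not part of the original post or of BIND; the function names are hypothetical, and the sample referral is constructed and simplified (it omits the type 50 and RRSIG records seen in the capture).

```python
import struct

A, NS, AAAA, OPT = 1, 2, 28, 41  # RR type codes

def encode_name(name):  # uncompressed wire form; "" encodes the root
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"

def rr(name, rtype, rdata=b"", rclass=1, ttl=86400):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def message(qid, flags, qname, authority=(), additional=()):
    head = struct.pack("!6H", qid, flags, 1, 0, len(authority), len(additional))
    return head + encode_name(qname) + struct.pack("!HH", A, 1) + b"".join([*authority, *additional])

def read_name(msg, off):  # returns (lower-cased name, offset just past the name)
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:            # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = end or off + 2
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
            off += 1 + msg[off]
    return ".".join(labels).lower(), end or off + 1

def summarize(msg):  # EDNS0 settings plus the referral's NS names that have no glue
    _, _, _, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = read_name(msg, 12)[1] + 4             # skip the single question
    edns, targets, glue = None, set(), set()
    for i in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == OPT:    # CLASS = UDP size, TTL = ext-rcode | version | DO+Z
            edns = {"udp_size": rclass, "version": (ttl >> 16) & 0xFF, "do": bool(ttl & 0x8000)}
        elif rtype == NS and an <= i < an + ns:
            targets.add(read_name(msg, off)[0])
        elif rtype in (A, AAAA) and i >= an + ns:
            glue.add(name)
        off += rdlen
    return {"edns": edns, "missing_glue": sorted(targets - glue)}

# Constructed sample modelled on the BIND 9.6 response: NS referral, OPT only, no glue.
REFERRAL_96 = message(0x6427, 0x8000, "vwall4a.nyc.gov",
    [rr("nyc.gov", NS, encode_name(f"vwall{i}a.nyc.gov")) for i in range(1, 5)],
    [rr("", OPT, rclass=1472, ttl=0)])
```

Running `summarize` on the payload of each captured packet gives the same comparison the post makes by eye: which side advertised which UDP size and DO bit, and which delegated name servers arrived without an address.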