Sometimes DNS does not resolv domains
David Woodfall
dave at dawoodfall.net
Mon Feb 9 19:33:59 UTC 2015
>Hello
>
>Investigate if it's not related to the problems with EDNS0 support and
>the fallback mechanism in Bind, as described in this article:
>
>https://kb.isc.org/article/AA-01219/
>
>It's described as one of the outstanding issues of both the latest
>versions of bind 9.9 and 9.10:
>
>Refinements to EDNS fallback behavior in BIND 9.9.6 and 9.10.1 may
>prevent named (running as a recursive server) from attempting a final
>query using UDP without EDNS0 in some rare situations where prior
>queries using EDNS0 with both and TCP did not obtain usable answers.
>For more details see https://kb.isc.org/article/AA-01219/.
>
>I am finding a lot of these errors lately, and I cannot find out if
>it's related or not:
>
>09-Feb-2015 12:36:11.904 query-errors: debug 1: client
>109.80.225.36#34954 (ihned.cz): query failed (SERVFAIL) for
>ihned.cz/IN/AAAA at query.c:7025
>09-Feb-2015 12:36:11.904 query-errors: debug 2: fetch completed at
>resolver.c:3080 for ihned.cz/AAAA in 0.000504: failure/success [domain:ihned.cz,referral:0,restart:2,qrysent:2,timeout:0,lame:0,neterr:2,badresp:0,adberr:0,findfail:0,valfail:0]
>
>I can confirm that the server sometimes fails to resolve the requesed
>name, returning the SERVFAIL opcode.
>
>--
>S pozdravem,
>Daniel Ryšlink
>System Administrator
Hi, and thanks for the tips and replies.
I've now set up more detailed logging and I will know more when it
happens again.
-D
>Dial Telecom a. s.
>Křižíkova 36a/237
>186 00 Praha 3, Česká Republika
>Tel.:+420.226204627
>daniel.ryslink at dialtelecom.cz
>-----------------------------------------------
>www.dialtelecom.cz
>Dial Telecom, a.s.
>Jednoduše se připojte
>-----------------------------------------------
>
>On 02/08/2015 10:06 PM, Eliezer Croitoru wrote:
>>Hey David,
>>
>>Do you have any logs enabled in your settings?
>>The logs can help a lot to minimize the issues.
>>There is a nice example of settings at:
>>http://stackoverflow.com/a/12114139
>>
>>Which can be a starter to give you more then you have now.
>>Notice that the issue might come from something that is not in your
>>hands at all.
>>You can decide which "channel" to enable or disable.
>>
>>Also you can verify something in your config about dnssec.
>>If your server is now dnssec enabled try disabling it and see what
>>happens.
>>
>>Eliezer
>>
>>On 08/02/2015 20:35, David Woodfall wrote:
>>>Any ideas what might be causing this?
>>>
>>>Version: bind-9.9.6_P1-x86_64-1_slack14.1
>>>
>>>Thanks
More information about the bind-users
mailing list