sporatic, noaa.gov SERVFAIL
Mark Andrews
marka at isc.org
Thu Jan 29 23:23:43 UTC 2015
In message <F5FC122448E1BA4A8D6D2119430B41D54724C782 at MAILMB06.swe.la.gov>, Brad
Bendily writes:
> Doesn't succed all the way. so I assume somewhere up the chain, firewalls a=
> re either blocking=20
> EDNS, or fragmenting the packets?
> Any way for me to pinpoint the specific firewall?
> We are an agency, behind another agency.=20
> So I don't think it's our immediate hop, but was hoping I could point direc=
> tly to the problem router/firewall.
See if adding "+bufsize=1432" lets you get a response. This allows for
a IPv4 in IPv6 or IPv6 in IPv4 tunnel without fragmention over Ethernet.
Named and dig will fallback to TCP if needed.
You can tell named to advertise this size with
edns-udp-size 1432;
or
server 0.0.0.0/0 { edns-udp-size 1432; };
server ::/0 { edns-udp-size 1432; };
for just IPv4 and IPv6 respectively. Longest match wins with server
clauses so if you have more specific entries you will need to add
this to them also.
I've got a broken NAT which doesn't handle out of order fragments so I use
server 0.0.0.0/0 { edns-udp-size 1432; };
The best solution however is to fix the firewall.
Mark
> dig +trace +all +dnssec www.nhc.noaa.gov
>
> ; <<>> DiG 9.9.6-P1 <<>> +trace +all +dnssec www.nhc.noaa.gov
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54198
> ;; flags: qr ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 25
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;. IN NS
>
> ;; ANSWER SECTION:
> . 502864 IN NS g.root-servers.net.
> . 502864 IN NS j.root-servers.net.
> . 502864 IN NS a.root-servers.net.
> . 502864 IN NS m.root-servers.net.
> . 502864 IN NS c.root-servers.net.
> . 502864 IN NS l.root-servers.net.
> . 502864 IN NS i.root-servers.net.
> . 502864 IN NS b.root-servers.net.
> . 502864 IN NS f.root-servers.net.
> . 502864 IN NS e.root-servers.net.
> . 502864 IN NS k.root-servers.net.
> . 502864 IN NS h.root-servers.net.
> . 502864 IN NS d.root-servers.net.
> . 518385 IN RRSIG NS 8 0 518400 20150208170000 20
> 150129160000 16665 . wBP=
> +DfP/H1T7T267f+aUmqZFa6L0xAkPh2CGu1jQo8Z5+1kcchA6v0Ee BFlVI90eFFgLrFJKugBq4=
> XozHW5Uj7HQHP9dPPI0W4z2u4380vM/Rdbq xRB8nesg66eWEghiocUvG2pUCIBfE60ReAu9lFk=
> tYTQWNHoSFOjMLhS0 1Fg=3D
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 502867 IN A 198.41.0.4
> a.root-servers.net. 502867 IN AAAA 2001:503:ba3e::2:30
> b.root-servers.net. 502867 IN A 192.228.79.201
> b.root-servers.net. 502867 IN AAAA 2001:500:84::b
> c.root-servers.net. 502867 IN A 192.33.4.12
> c.root-servers.net. 502867 IN AAAA 2001:500:2::c
> d.root-servers.net. 502867 IN A 199.7.91.13
> d.root-servers.net. 502867 IN AAAA 2001:500:2d::d
> e.root-servers.net. 502867 IN A 192.203.230.10
> f.root-servers.net. 502867 IN A 192.5.5.241
> f.root-servers.net. 502867 IN AAAA 2001:500:2f::f
> g.root-servers.net. 502867 IN A 192.112.36.4
> h.root-servers.net. 502867 IN A 128.63.2.53
> h.root-servers.net. 502867 IN AAAA 2001:500:1::803f:235
> i.root-servers.net. 502867 IN A 192.36.148.17
> i.root-servers.net. 502867 IN AAAA 2001:7fe::53
> j.root-servers.net. 502867 IN A 192.58.128.30
> j.root-servers.net. 502867 IN AAAA 2001:503:c27::2:30
> k.root-servers.net. 502867 IN A 193.0.14.129
> k.root-servers.net. 502867 IN AAAA 2001:7fd::1
> l.root-servers.net. 502867 IN A 199.7.83.42
> l.root-servers.net. 502867 IN AAAA 2001:500:3::42
> m.root-servers.net. 502867 IN A 202.12.27.33
> m.root-servers.net. 502867 IN AAAA 2001:dc3::35
>
> ;; Query time: 0 msec
> ;; SERVER: 10.120.11.85#53(10.120.11.85)
> ;; WHEN: Thu Jan 29 16:12:31 CST 2015
> ;; MSG SIZE rcvd: 913
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38806
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> gov. 172800 IN NS a.gov-servers.net.
> gov. 172800 IN NS b.gov-servers.net.
> gov. 86400 IN DS 7698 8 1 6F109B46A80CEA9613DC86
> D5A3E065520505AAFE
> gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0
> 935763C8D003760384FF15EBB=
> D5CE86BB5 559561F0
> gov. 86400 IN RRSIG DS 8 1 86400 20150208170000 201
> 50129160000 16665 . uc=
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+5Ej6dOIjEdreiVp8Xqw5ro fh4VmLa+/TvdwPLr2uZD=
> 5Cm7uPI5t+Ux477CYEaWGVQO5Jguc1xvwo/U lEoI177BjHdTM2PTrp+woZQp1SpIINIBidmidi=
> c3dPWuDLzQIGscFlVn S1I=3D
>
> ;; ADDITIONAL SECTION:
> a.gov-servers.net. 172800 IN A 69.36.157.30
> b.gov-servers.net. 172800 IN A 209.112.123.30
> a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30
>
> ;; Query time: 43 msec
> ;; SERVER: 193.0.14.129#53(193.0.14.129)
> ;; WHEN: Thu Jan 29 16:12:31 CST 2015
> ;; MSG SIZE rcvd: 395
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57350
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1472
> ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> noaa.gov. 86400 IN NS ns-e.noaa.gov.
> noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> noaa.gov. 3600 IN DS 19789 5 1 F26B21B0C8365F80A8522
> 1BA8CC6DF40CC73B05B
> noaa.gov. 3600 IN DS 19789 5 2 ABA039285FD7FA9D26020
> 6DD4C12D93CE346644A753=
> 16A143A27883D E93FA35B
> noaa.gov. 3600 IN RRSIG DS 8 2 3600 20150205175724 2015
> 0129175724 4352 gov=
> . wB2UOo0xqtc9SX7uy4DiOlZkfret3kcdB9IDG93d5M28flNhhLnZSgSU K2ZFyjnlqb25k0Z8=
> uca2tSSpb8hOPldsvvKG8Rgs7x48+fgXciY2ovPn mzKedfsgTVtXGgjZsLAVovTY2y3weio1YU=
> SEziLeM9++yaJ0REA6JiQq 3HM=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
>
> ;; Query time: 18 msec
> ;; SERVER: 209.112.123.30#53(209.112.123.30)
> ;; WHEN: Thu Jan 29 16:12:45 CST 2015
> ;; MSG SIZE rcvd: 483
>
> ;; connection timed out; no servers could be reached
>
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]=20
> Sent: Thursday, January 29, 2015 3:38 PM
> To: Brad Bendily
> Cc: bind-users at lists.isc.org
> Subject: Re: sporatic, noaa.gov SERVFAIL
>
>
> Ensure your firewall passes fragmented UDP packets.
>
> dig +trace +all +dnssec www.nhc.noaa.gov
>
> should succeed. You will notice that the responses are large.
>
> Mark
>
> ; <<>> DiG 9.11.0pre-alpha <<>> +trace +all +dnssec www.nhc.noaa.gov ;; glo=
> bal options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41145 ;; flags: qr aa; =
> QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;. IN NS
>
> ;; ANSWER SECTION:
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS m.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN RRSIG NS 8 0 518400 20150208170000 20
> 150129160000 16665 . wBP=
> +DfP/H1T7T267f+aUmqZFa6L0xAkPh2CGu1jQo8Z5+1kcchA6v0Ee BFlVI90eFFgLrFJKugBq4=
> XozHW5Uj7HQHP9dPPI0W4z2u4380vM/Rdbq xRB8nesg66eWEghiocUvG2pUCIBfE60ReAu9lFk=
> tYTQWNHoSFOjMLhS0 1Fg=3D
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Jan 30 08:35:07 EST 2015
> ;; MSG SIZE rcvd: 397
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37128 ;; flags: qr; QUE=
> RY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> gov. 172800 IN NS a.gov-servers.net.
> gov. 172800 IN NS b.gov-servers.net.
> gov. 86400 IN DS 7698 8 1 6F109B46A80CEA9613DC86
> D5A3E065520505AAFE
> gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0
> 935763C8D003760384FF15EBB=
> D5CE86BB5 559561F0
> gov. 86400 IN RRSIG DS 8 1 86400 20150208170000 201
> 50129160000 16665 . uc=
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+5Ej6dOIjEdreiVp8Xqw5ro fh4VmLa+/TvdwPLr2uZD=
> 5Cm7uPI5t+Ux477CYEaWGVQO5Jguc1xvwo/U lEoI177BjHdTM2PTrp+woZQp1SpIINIBidmidi=
> c3dPWuDLzQIGscFlVn S1I=3D
>
> ;; ADDITIONAL SECTION:
> a.gov-servers.net. 172800 IN A 69.36.157.30
> b.gov-servers.net. 172800 IN A 209.112.123.30
> a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30
>
> ;; Query time: 180 msec
> ;; SERVER: 192.228.79.201#53(192.228.79.201) ;; WHEN: Fri Jan 30 08:35:07 E=
> ST 2015 ;; MSG SIZE rcvd: 395
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43552 ;; flags: qr; QUE=
> RY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1472 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> noaa.gov. 86400 IN NS ns-e.noaa.gov.
> noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> noaa.gov. 3600 IN DS 19789 5 1 F26B21B0C8365F80A8522
> 1BA8CC6DF40CC73B05B
> noaa.gov. 3600 IN DS 19789 5 2 ABA039285FD7FA9D26020
> 6DD4C12D93CE346644A753=
> 16A143A27883D E93FA35B
> noaa.gov. 3600 IN RRSIG DS 8 2 3600 20150205175724 2015
> 0129175724 4352 gov=
> . wB2UOo0xqtc9SX7uy4DiOlZkfret3kcdB9IDG93d5M28flNhhLnZSgSU K2ZFyjnlqb25k0Z8=
> uca2tSSpb8hOPldsvvKG8Rgs7x48+fgXciY2ovPn mzKedfsgTVtXGgjZsLAVovTY2y3weio1YU=
> SEziLeM9++yaJ0REA6JiQq 3HM=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
>
> ;; Query time: 172 msec
> ;; SERVER: 69.36.157.30#53(69.36.157.30) ;; WHEN: Fri Jan 30 08:35:08 EST 2=
> 015 ;; MSG SIZE rcvd: 483
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59153 ;; flags: qr aa; =
> QUERY: 1, ANSWER: 15, AUTHORITY: 4, ADDITIONAL: 13
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; ANSWER SECTION:
> www.nhc.noaa.gov. 300 IN CNAME edge-nws.woc.noaa.gov.
> www.nhc.noaa.gov. 300 IN RRSIG CNAME 5 4 300 20150205145231 20
> 150129145231 =
> 49680 nhc.noaa.gov. LRzPzZS3xkV21r3YDBiCXUvroMnuT2Fw7jzjlmpusRhP82Ai+XPftnu=
> K rmbu9pqIgIA28pe7wR8Sz61LEfhvNtGfS9JOMcMPxQmBlny6/JWSgwBF hlIhOqyRSktraXTT=
> J/n9sSqC3/QjKFs+dWTTrynTy2ZvfWscqL2KakaT pqcSrhDolgyDocqsExzgcWjyPYSHwR/rCM=
> CcCje5PXfY1GrzrQ/UUMe0 rAr7kn6J1C0oDmUtbpIRYuqNQKwPp2EdIZ8akZmL151HDMcIlc2p=
> G+4X S5zdlMZ3lV/O8WC0E3Db31JIX1EmdjeSiUdhs7GmUC+XW496NdppsCo4 6JL8LQ=3D=3D
> edge-nws.woc.noaa.gov. 300 IN CNAME edge-p1.l.noaa.gov.
> edge-nws.woc.noaa.gov. 300 IN RRSIG CNAME 5 4 300 201502051
> 45342 2015012914=
> 5342 41187 woc.noaa.gov. CgEHsTvz6Z+gE8AdDTL/Uy7KuDgtzBwwURLgvu9uBSG9vQD7/a=
> xDgnSy oJOJ/Ir2OlQQEQi7fInwllHLYqFEby8MhBM0ADnkROVP4ixzQdv3Kbj3 d6ItRxGIzwz=
> fLEKOAkopeHsWiAy5Eepkeu3DNMyqxEi55AAATUzEJCN1 aU9RZokNfmhkv9rKY+lJXUPnXtpoa=
> OASXs9S5hJoI1MVsQWjbYSkiBy7 AnVYNTK8IlGnmk/pwIh9NVvygB2bcL0YIy8Cdvqv+7TdM3z=
> 4BfLl2T69 tAn7jdMRqDhEho9hdbw1BJqX2s3IBX9t83wZ9LgS+i/0nwXuGTmsPorZ ZHws6A=
> =3D=3D
> edge-p1.l.noaa.gov. 30 IN A 140.172.17.11
> edge-p1.l.noaa.gov. 30 IN A 140.172.17.21
> edge-p1.l.noaa.gov. 30 IN A 216.38.80.71
> edge-p1.l.noaa.gov. 30 IN A 216.38.80.81
> edge-p1.l.noaa.gov. 30 IN A 129.15.96.11
> edge-p1.l.noaa.gov. 30 IN A 129.15.96.21
> edge-p1.l.noaa.gov. 30 IN A 140.90.33.11
> edge-p1.l.noaa.gov. 30 IN A 140.90.33.21
> edge-p1.l.noaa.gov. 30 IN A 140.90.200.11
> edge-p1.l.noaa.gov. 30 IN A 140.90.200.21
> edge-p1.l.noaa.gov. 30 IN RRSIG A 5 4 30 20150205203218 2015012
> 9203218 5479=
> 5 l.noaa.gov. xhewX9CefTTIY4Hkic+g9CLZKDfiEVNwBFW6AH1M6JsZiH1qmXkddMOo N8rz=
> QxHVIoVMq27NnpBBRLzcNOqp6AlrxuA1VnCEtsWR3R9cvNSkU03N zrN7nzpdApGRT4T4Uyw6cF=
> TVPJQm8daZRhivqJ2Htgf+bZKB9Dj2yG9R 5ppoZpZ9Scf79n7Ul+Rt/beM7eZYmNsBBP0O2Kw+=
> e75hqySyB3plB70p 9hI1QJTsYTgTyCEt0IHu4oXLFpGIRltkEI7GJ13U7UlgPDJaY+OU3Rut 0=
> lL7V/xWhOabF17mAA+7J/eqYPKcAt/vE9e0tAyyc56791Nn+NCVir/z eolq0Q=3D=3D
>
> ;; AUTHORITY SECTION:
> l.noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> l.noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> l.noaa.gov. 86400 IN NS ns-e.noaa.gov.
> l.noaa.gov. 86400 IN RRSIG NS 5 3 86400 20150205203218 201
> 50129203218 5479=
> 5 l.noaa.gov. TxJ2hj2WgSC/rUoUboTxelNmPEyJYoDSuy7iBcmS3A6cCtEK5TU46R8g zFDR=
> 7beDuAiz8rgcef5gW9s8DW6CVvZ2Drw71edldQgVh5OjNgxoQED5 jCexouzP0JajUI5BZqGMqs=
> 2l2mRdRXqrDMOky5mgctOD4HmqC4PfDwYs XxWJClW13J4YS/QkYB9IiHGWXLjYb+TvDyqRyxYP=
> ZAzLybfTLj+nMkky O34ke7t87tM5aF1m8V7+E1hf8MJLqy+2HSJK9SUJeqZj2strYMNz9vP7 7=
> KP5wtbHCAe3qRELDSPj3/63L3gvNvVhLBhwUb4xSEhU7WWZgWHKbNfj w7Fx/Q=3D=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
> ns-e.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 45=
> 702 noaa.gov. fuCsyeBpUCiKExnAveteeEZttukTfrtFCPw9PUsE2/F7T1BiWUbpedsp zq57=
> wmrH4fc7Qe11h420poeK0nDMbQpwKfmQwRpMhCGEWG/ZgeK6PoXa uNH1YIf9giMGUn055trEvH=
> XRTcwsBZq8/CqfyeSHPjKd5QRoQGvEXoP1 GGzrlINzlDNaExNmWJRBDC7q8uDRKRLC28fYBkOR=
> UK3z5+2HzqWrCeHi pjWRmyE53WTLwq/960YQ4S//bOlT6OBTzP2N7S9fhR7cIwvFBrgEuBqQ +=
> 1eNmCXqz6nDPmjqysjnI/wtb6d/HMYiJpXu07hcLiPQ9/4Z3+jbbGAQ k0ii8Q=3D=3D
> ns-e.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 20150129145234=
> 45702 noaa.gov. zy8WYbgybQ8ijOX7NuUmhl2nftvgytTeyv5ZQuIDfVvo2lWmnTQK51Mm Y=
> RZnRMfN/Sms5Hg3YN5HE3nVxXs6/OGx758DDPyleSygPAzzxDM5I7jf ZJNBOp3FH3hLh7fMhcT=
> 4zz5TycIWxwBjThYDU2Q7BGGykMLrJyz3W7d+ T2S2WzVCzbV5WdgnfQpf1bdYOi+UvNpdc2vBq=
> u96SOKKiCxHBuBQGoqO RfTo/qhMSIRR+gWfHm2uOweDzx8roD97AvJ0OuiUERYEnZ03JSYB/++=
> 9 fiMzz0Ke0nuChztkQYxx+EWeZQZx1ekE44+HwOZdXv7ksUJpEGCfpISI zoFOGg=3D=3D
> ns-mw.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 4=
> 5702 noaa.gov. dZ3g54AHjVYtJkMq+52Q2uvgu2lrtxtzFbwcWnaxBsE4lSsHpa0jTX3v hoE=
> Y96GbmBNR6oxuwV8Gr2KS576IULKvP4c5y6+LGtZsHXPWkIacQA0M uNSfnY6yYXMDJHjvdgGPF=
> tpo11akDgSFHWe8VxxHDnfGx9ZfLZq4Q1nB OAenmjRqr93FbKz2LbEGjHm3Rkou0bZgvR1hpeK=
> 0ElhkTn5aX8vscrgQ Tiw9K2u3aFuj+DFMb7w33W4WFCc1oUwULgg8sI5EjNHDHZRIFLdzJ4MC =
> AQuKw0Iet5el/2UmU4qv9u9zLCteQ4kALJuQ0hDQDYEHrNkPG+uvAhaD 0X9UZQ=3D=3D
> ns-mw.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 2015012914523=
> 4 45702 noaa.gov. zCbaVxy40gnAYAoC8qY9iWEzAlAkNwmDZhY+7BDgLb5DAYpAexoMlckq =
> FIISulHYwitORYGOkdLkM5odhoKXh7Znr+UE7OZ0eve6j0pehuP/X/Mp N8tzccZc86sWzUSqqU=
> hV533FaCxkDhoB7WzRIoSLAwnDeFuH0NDMvgA0 jZ+hCCC2lzI6GGO29PQ80EmFUd4vyBFLT1YO=
> bNEQwUE7EEZcRi4SIXGq JJFrlqhPSd2jhaSbNNwJJ4cckc94L1G4ujP1W+OIJLk1QIQ057ph+H=
> 71 jFNIfqesjAYEJaEB52WhzOkBl0ASdSBHznmYZkPLlE8mYbZfm7SgFFqY EpJHhw=3D=3D
> ns-nw.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 4=
> 5702 noaa.gov. 2q8ipHzvJFt+ST9w83x+CvgDcRjDKUpfnCcHQAPDxi1CKrj2slwq0cDc avK=
> kHpsSPJEfTfDe3/UXtFwJEyxYcLoVcHXL+Q8ITyabrOMbH0L0RPhR Ptpk3SIGU7kr1wi8qOGPd=
> /oFjbNqhtCqWRcsiMNySRerC4TsSTYdNe/3 kNHubIeBaEF8BlJ3uI44rowGnEzmM5EOLfyZS5d=
> C5ZQIIO4uIf/F0uJy 3kcSh1X8XLcXapsZ9x6bRPct9A7ia3uFHrSMVGoC8lPnJdFRjYK3JKZn =
> fKxv6V8YjzL7vs1OoMhbjT4c6OrnpRDyeux7yZ/1cVGwfnj/UlrS5SXb vEAfpg=3D=3D
> ns-nw.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 2015012914523=
> 4 45702 noaa.gov. szU3JWwU+AXmn2gZqgGgCBNOlVB1jrMRUuX277zCHa+KbstEX5DrkdGg =
> RWCwV91zhq9LzswfykGg4MRI3n1CuZj9G2u0YD8goF5inCSYgQrF14+Y iNigxkHPEdYWyEQZeO=
> v3jPm/nZDV9vHt8SxUxYVVEQ7Cbj9+rwxdY2n1 PA5oc5On4yvKZt96Oy1igcxiWtby5uKDhlx1=
> e1DkoW0DFYZ5AAwF4nbQ iP5d/8qlJd8VpXigP9VxMlNtD9e1cTWgUwpv3iOEJpZRo1ey/4OfGu=
> vP I17k64Ex/3x5FAX12FTR3z5s51HGSCTguVVZgzJsvy0DrwCIL07xZOtG zRBEXQ=3D=3D
>
> ;; Query time: 265 msec
> ;; SERVER: 140.172.17.237#53(140.172.17.237) ;; WHEN: Fri Jan 30 08:35:08 E=
> ST 2015 ;; MSG SIZE rcvd: 3419
>
>
>
> In message <F5FC122448E1BA4A8D6D2119430B41D54724C677 at MAILMB06.swe.la.gov>, =
> Brad Bendily writes:
> > So, for a while we have had issues with resolving www.nhc.noaa.gov.
> >=20
> > In the past, a full restart of named fixed it for some amount of time.
> >=20
> > Last week I updated our named to 9.9.6-P1, so I assumed whatever the=20
> > problem was would be resolved by this update. Apparently not.
> >=20
> > As you can see from the dig commands below. One resolves correctly,=20
> > then 2 mi nutes later SERVFAIL. How can I troubleshoot this further?
> >=20
> > thanks
> > bb
> >=20
> > dr93la08:/var/lib/named/slave # dig www.nhc.noaa.gov
> >=20
> > ; <<>> DiG 9.9.6-P1 <<>> www.nhc.noaa.gov ;; global options: +cmd ;;=20
> > Got answ
> > er:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27700 ;; flags: qr=20
> > rd ra;
> > QUERY: 1, ANSWER: 12, AUTHORITY: 2, ADDITIONAL: 4
> >=20
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;www.nhc.noaa.gov. IN A
> >=20
> > ;; ANSWER SECTION:
> > www.nhc.noaa.gov. 300 IN CNAME edge-nws.woc.noaa.gov.
> > edge-nws.woc.noaa.gov. 300 IN CNAME edge-p1.l.noaa.gov.
> > edge-p1.l.noaa.gov. 30 IN A 140.172.17.11
> > edge-p1.l.noaa.gov. 30 IN A 140.90.33.11
> > edge-p1.l.noaa.gov. 30 IN A 140.172.17.21
> > edge-p1.l.noaa.gov. 30 IN A 129.15.96.21
> > edge-p1.l.noaa.gov. 30 IN A 216.38.80.71
> > edge-p1.l.noaa.gov. 30 IN A 140.90.200.21
> > edge-p1.l.noaa.gov. 30 IN A 140.90.33.21
> > edge-p1.l.noaa.gov. 30 IN A 216.38.80.81
> > edge-p1.l.noaa.gov. 30 IN A 129.15.96.11
> > edge-p1.l.noaa.gov. 30 IN A 140.90.200.11
> >=20
> > ;; AUTHORITY SECTION:
> > gov. 172795 IN NS a.gov-servers.net.
> > gov. 172795 IN NS b.gov-servers.net.
> >=20
> > ;; ADDITIONAL SECTION:
> > a.gov-servers.net. 172795 IN A 69.36.157.30
> > a.gov-servers.net. 172795 IN AAAA 2001:500:4431::2:30
> > b.gov-servers.net. 172795 IN A 209.112.123.30
> >=20
> > ;; Query time: 3641 msec
> > ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29=20
> > 11:52:24 CST 2
> > 015 ;; MSG SIZE rcvd: 363
> >=20
> >=20
> >=20
> > dr93la08:/var/lib/named/slave # dig www.nhc.noaa.gov
> >=20
> > ; <<>> DiG 9.9.6-P1 <<>> www.nhc.noaa.gov ;; global options: +cmd ;;=20
> > Got answ er:k ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:=20
> > 64437 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,=20
> > ADDITIONAL: 1
> >=20
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;www.nhc.noaa.gov. IN A
> >=20
> > ;; Query time: 320 msec
> > ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29=20
> > 11:53:59 CST 2
> > 015 ;; MSG SIZE rcvd: 45
> >=20
> >=20
> > bb
> >=20
> > Brad Bendily
> > System Administrator
> > Northrop Grumman Corporation
> > Louisiana Dept. of
> > Children and Family Services
> > brad.bendily at la.gov
> > 225.342.6972
> >=20
> >=20
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to=20
> > unsubscribe from this list
> >=20
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list