why this query cause ServFail
Hillary Nelson
nelsonhillary8 at gmail.com
Sat Sep 10 22:03:33 UTC 2016
I've double checked our nameserver config and there shouldn't be any stub
involved when resolving this domain, we don't have forwarder configured.
After flush the cache or the cache expires itself(the ttl is short), bind
almost always hit another server and works, we have 9 named resolvers,
anytime I checked there are always one or two(not the same ones) has
problem with this domain.
The nameserver is dedicated and on RHEL 6.8, tcpdump command:
tcpdump -i any -nn port 53
Here is named.conf, please let me know if there is anythings else needed:
include "/etc/rndc.key";
include "/named/acl";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { localkey; };
};
options {
listen-on-v6 { any; };
listen-on { any; };
directory "/named";
dump-file "/var/run/named_dump.db";
pid-file "/var/run/named.pid";
recursing-file "/var/run/named.recursing";
statistics-file "/var/run/named.stats";
transfer-format many-answers;
max-transfer-time-in 60;
resolver-query-timeout 30;
check-names master ignore;
check-names slave ignore;
check-names response ignore;
datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;
notify no;
auth-nxdomain no;
version "unknown";
response-policy { zone "dns-policy.rpz.zone"; };
allow-transfer { xfer; };
allow-query { all-allowed; };
allow-query-cache { all-allowed; };
allow-recursion { all-allowed; };
blackhole { bogon; };
include "validate";
include "anycast.server";
};
server fe80::/16 { bogus yes; };
server ::/0 { bogus yes; };
include "logging.conf";
include "trusted-keys.conf";
include "gen.conf";
include "rpz.conf";
include "Secondary.conf";
Thanks!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160910/6773888a/attachment-0001.html>
More information about the bind-users
mailing list