HELP - Domain resolution failed

Mukund Sivaraman muks at isc.org
Tue Jul 18 14:35:38 UTC 2017


> root@recursivo-a:~# dig icap-to.com.br
> 
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> icap-to.com.br
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32316
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;icap-to.com.br.                        IN      A
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Jul 18 10:41:59 BRT 2017
> ;; MSG SIZE  rcvd: 43

> root@recursivo-a:~# /etc/init.d/bind9 restart
> [ ok ] Restarting bind9 (via systemctl): bind9.service.
> 
> 
> root@recursivo-a:~# dig icap-to.com.br
> 
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> icap-to.com.br
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65065
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;icap-to.com.br.                        IN      A
> 
> ;; ANSWER SECTION:
> icap-to.com.br.         14400   IN      A       192.185.216.81

Notice that the TTL of the address record is 14400, which is 4 hours.

> ;; AUTHORITY SECTION:
> icap-to.com.br.         86400   IN      NS      ns2.desenvolvesistemas.com.
> icap-to.com.br.         86400   IN      NS      ns1.desenvolvesistemas.com.

The nameservers in the NS records in the zone do not exist, so when BIND
goes to refetch the answer after TTL expiry, it doesn't find the
nameservers and fails.

For the original resolution, the parent nameserver returns:

[muks@jurassic bind9]$ bin/dig @d.dns.br icap-to.com.br.

; <<>> DiG 9.12.0-pre-alpha <<>> @d.dns.br icap-to.com.br.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33669
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;icap-to.com.br.			IN	A

;; AUTHORITY SECTION:
icap-to.com.br.		86400	IN	NS	ns84.prodns.com.br.
icap-to.com.br.		86400	IN	NS	ns85.prodns.com.br.

;; Query time: 312 msec
;; SERVER: 200.219.154.10#53(200.219.154.10)
;; WHEN: Tue Jul 18 20:04:24 IST 2017
;; MSG SIZE  rcvd: 88

[muks@jurassic bind9]$

Tip: When you have failures with resolution, turn up named logging level
and check the logged messages.

		Mukund
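
The parent/child NS mismatch described in the reply above, as an added example that is not part of the original message: it parses dig output for the delegation returned by the parent and for the NS set published in the zone itself, then reports names that differ or do not resolve. The function names and the `resolves` hook are assumptions made for this example; the sample records are copied from the dig output in the thread.

```python
import socket

# Sample input: records copied from the dig output quoted in the thread.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
icap-to.com.br.		86400	IN	NS	ns84.prodns.com.br.
icap-to.com.br.		86400	IN	NS	ns85.prodns.com.br.
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
icap-to.com.br.         14400   IN      A       192.185.216.81
;; AUTHORITY SECTION:
icap-to.com.br.         86400   IN      NS      ns2.desenvolvesistemas.com.
icap-to.com.br.         86400   IN      NS      ns1.desenvolvesistemas.com.
"""

def ns_targets(dig_text, zone):
    """Return the set of NS target names that dig printed for `zone`."""
    zone = zone.rstrip(".").lower() + "."
    found = set()
    for line in dig_text.splitlines():
        fields = line.split()
        # Record lines are "owner TTL class type rdata"; ';' lines are comments.
        if len(fields) == 5 and not line.startswith(";"):
            owner, _ttl, rclass, rtype, rdata = fields
            if owner.lower() == zone and rclass == "IN" and rtype == "NS":
                found.add(rdata.lower())
    return found

def system_resolves(name):
    """Default check: does the local resolver return any address for name?"""
    try:
        return bool(socket.getaddrinfo(name, 53))
    except socket.gaierror:
        return False

def audit_delegation(zone, parent_text, child_text, resolves=system_resolves):
    """Compare the parent's delegation with the zone's own NS set."""
    parent, child = ns_targets(parent_text, zone), ns_targets(child_text, zone)
    return {
        "only_in_parent": sorted(parent - child),
        "only_in_child": sorted(child - parent),
        "unresolvable_child_ns": sorted(n for n in child if not resolves(n)),
    }

if __name__ == "__main__":
    # Uses the live system resolver; pass resolves=... to test offline.
    print(audit_delegation("icap-to.com.br", PARENT_REFERRAL, CHILD_ANSWER))
```

A non-empty `only_in_child` together with `unresolvable_child_ns` is the pattern in this thread: resolution works through the parent's delegation at first, then fails once the cached records expire and the resolver follows the zone's own NS set.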

