intermittent SERVFAIL for high visible domains such as *.google.com

Brian J. Murrell brian at interlinx.bc.ca
Sat Jan 20 18:33:29 UTC 2018 

OK.  I now have named trace logging

http://brian.interlinx.bc.ca/named.run.log

and a packet dump:

http://brian.interlinx.bc.ca/dns-packets.txt

that demonstrates how BIND is getting .com referrals from the root
servers when doing a query for www.google.com and then doing nothing
with those referrals before returning a SERVFAIL.

The packet trace also shows that BIND queried ns2.google.com for an RR:

18:04:42.444669 IP server.interlinx.bc.ca.8727 > ns2.google.com.domain: 4359% [1au] AAAA? playatoms-pa.googleapis.com. (56)
18:04:42.491612 IP ns2.google.com.domain > server.interlinx.bc.ca.8727: 4359*- 2/0/0 CNAME googleapis.l.google.com., AAAA 2607:f8b0:400b:80e::200a (107)
18:04:42.494681 IP server.interlinx.bc.ca.21592 > ns2.google.com.domain: 50060% [1au] AAAA? googleapis.l.google.com. (52)
18:04:42.541496 IP ns2.google.com.domain > server.interlinx.bc.ca.21592: 50060*- 1/0/0 AAAA 2607:f8b0:400b:808::200a (69)

only 9 seconds before returning a SERVFAIL on another name that same
server is authoritative for so it had data for at least one of the
servers that are authoritative for the domain.  Yet only 8 seconds
later it starts looking for it's IP address again.

At 18:04:50.805 it started the A and AAAA queries for ns2.google.com:

19-Jan-2018 18:04:50.805 fctx 0x7f10230b1950(ns2.google.com/A): start
19-Jan-2018 18:04:50.805 fctx 0x7f10230b1950(ns2.google.com/A): try
19-Jan-2018 18:04:50.805 fctx 0x7f10230b1950(ns2.google.com/A): cancelqueries
19-Jan-2018 18:04:50.805 fctx 0x7f10230b1950(ns2.google.com/A): getaddresses
19-Jan-2018 18:04:50.805 fctx 0x7f10230b1950(ns2.google.com/A): query
19-Jan-2018 18:04:50.805 resquery 0x7f10230b60d0 (fctx 0x7f10230b1950(ns2.google.com/A)): send
19-Jan-2018 18:04:50.806 resquery 0x7f10230b60d0 (fctx 0x7f10230b1950(ns2.google.com/A)): sent
19-Jan-2018 18:04:50.807 fctx 0x7f102309d0d0(ns2.google.com/AAAA): start
19-Jan-2018 18:04:50.807 fctx 0x7f102309d0d0(ns2.google.com/AAAA): try
19-Jan-2018 18:04:50.807 fctx 0x7f102309d0d0(ns2.google.com/AAAA): cancelqueries
19-Jan-2018 18:04:50.807 fctx 0x7f102309d0d0(ns2.google.com/AAAA): getaddresses
19-Jan-2018 18:04:50.807 fctx 0x7f102309d0d0(ns2.google.com/AAAA): query
19-Jan-2018 18:04:50.807 resquery 0x7f10230b68e0 (fctx 0x7f102309d0d0(ns2.google.com/AAAA)): send
19-Jan-2018 18:04:50.807 resquery 0x7f10230b68e0 (fctx 0x7f102309d0d0(ns2.google.com/AAAA)): sent
19-Jan-2018 18:04:50.808 resquery 0x7f10230b60d0 (fctx 0x7f10230b1950(ns2.google.com/A)): udpconnected
19-Jan-2018 18:04:50.808 resquery 0x7f10230b60d0 (fctx 0x7f10230b1950(ns2.google.com/A)): senddone
19-Jan-2018 18:04:50.808 resquery 0x7f10230b68e0 (fctx 0x7f102309d0d0(ns2.google.com/AAAA)): udpconnected

At 18:04:51.236 it got the referral to the .com servers:

19-Jan-2018 18:04:51.236 fctx 0x7f102309d0d0(ns2.google.com/AAAA): sendevents
19-Jan-2018 18:04:51.236 resquery 0x7f10230b60d0 (fctx
0x7f10230b1950(ns2.google.com/A)): response
19-Jan-2018 18:04:51.236 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:   9693
;; flags: qr; QUESTION: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ns2.google.com.			IN	A

;; AUTHORITY SECTION:
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.			86400	IN	RRSIG	DS 8 1 86400 20180201200000 20180119190000 41824 . kw9YN9f0zLsasR4xqRWC5zNwOlfhY7/1WwhfHnJpqpUpZok9MPefvv8q JpAG4ZVed57r4oZzv0dB1l3fu+dEZi7UFS1xX6H0GFxGDYrpLuXR4Emn +1ih6zIM/iWE0O6H7ElgTvgs4tZNJ7n2BX4keEAtCCSa0j9OtEYAlxHx SZumcmDxb/btwTmuT9BfxXj0UeJ/96rud5jfuz+fi6cF8fuiy728262G FjjzjjO8T1qqPcRlDDm41JXe5D0XmKV13T+I2bSaRHp5HSp0TV2p3mGH 2UobkPZ9pUpGvCwgsNaxjyCBVosnOUbQJ2uKQUQlkrMqQakDjvvPcT1h OgqYMA==

;; ADDITIONAL SECTION:
a.gtld-servers.net.	172800	IN	A	192.5.6.30
a.gtld-servers.net.	172800	IN	AAAA	2001:503:a83e::2:30
b.gtld-servers.net.	172800	IN	A	192.33.14.30
b.gtld-servers.net.	172800	IN	AAAA	2001:503:231d::2:30
c.gtld-servers.net.	172800	IN	A	192.26.92.30
c.gtld-servers.net.	172800	IN	AAAA	2001:503:83eb::30
d.gtld-servers.net.	172800	IN	A	192.31.80.30
d.gtld-servers.net.	172800	IN	AAAA	2001:500:856e::30
e.gtld-servers.net.	172800	IN	A	192.12.94.30
e.gtld-servers.net.	172800	IN	AAAA	2001:502:1ca1::30
f.gtld-servers.net.	172800	IN	A	192.35.51.30
f.gtld-servers.net.	172800	IN	AAAA	2001:503:d414::30
g.gtld-servers.net.	172800	IN	A	192.42.93.30
g.gtld-servers.net.	172800	IN	AAAA	2001:503:eea3::30
h.gtld-servers.net.	172800	IN	A	192.54.112.30
h.gtld-servers.net.	172800	IN	AAAA	2001:502:8cc::30
i.gtld-servers.net.	172800	IN	A	192.43.172.30
i.gtld-servers.net.	172800	IN	AAAA	2001:503:39c1::30
j.gtld-servers.net.	172800	IN	A	192.48.79.30
j.gtld-servers.net.	172800	IN	AAAA	2001:502:7094::30
k.gtld-servers.net.	172800	IN	A	192.52.178.30
k.gtld-servers.net.	172800	IN	AAAA	2001:503:d2d::30
l.gtld-servers.net.	172800	IN	A	192.41.162.30
l.gtld-servers.net.	172800	IN	AAAA	2001:500:d937::30
m.gtld-servers.net.	172800	IN	A	192.55.83.30
m.gtld-servers.net.	172800	IN	AAAA	2001:501:b1f9::30


19-Jan-2018 18:04:51.237 fctx 0x7f10230b1950(ns2.google.com/A): noanswer_response
19-Jan-2018 18:04:51.237 log_ns_ttl: fctx 0x7f10230b1950: noanswer_response: ns2.google.com (in '.'?): 1 518400
19-Jan-2018 18:04:51.237 log_ns_ttl: fctx 0x7f10230b1950: DELEGATION: ns2.google.com (in 'com'?): 0 518400
19-Jan-2018 18:04:51.237 fctx 0x7f10230b1950(ns2.google.com/A): cache_message
19-Jan-2018 18:04:51.238 fctx 0x7f10230b1950(ns2.google.com/A): cancelquery
19-Jan-2018 18:04:51.238 fctx 0x7f10230b1950(ns2.google.com/A): nameservers now above QDOMAIN
19-Jan-2018 18:04:51.238 fctx 0x7f10230b1950(ns2.google.com/A): done
19-Jan-2018 18:04:51.238 fctx 0x7f10230b1950(ns2.google.com/A): stopeverything
19-Jan-2018 18:04:51.238 fctx 0x7f10230b1950(ns2.google.com/A): cancelqueries

which it doesn't then seem to do anything with which the packet trace
confirms:

18:04:50.806192 IP server.interlinx.bc.ca.30549 > l.root-servers.net.domain: 9693% [1au] A? ns2.google.com. (43)
18:04:50.807914 IP server.interlinx.bc.ca.39478 > l.root-servers.net.domain: 23406% [1au] AAAA? ns2.google.com. (43)
...
18:04:50.844099 IP l.root-servers.net.domain > server.interlinx.bc.ca.39478: 23406- 0/15/27 (1174)
18:04:50.844341 IP l.root-servers.net.domain > server.interlinx.bc.ca.30549: 9693- 0/15/27 (1174)

before it returns a SERVFAIL to the client:

18:04:51.287985 IP server.interlinx.bc.ca.domain > jennifers-g3.interlinx.bc.ca.48464: 35463 ServFail 0/0/0 (32)

So why is BIND giving up and not following the referrals sometimes?

Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180120/9b817a81/attachment.bin>

More information about the bind-users mailing list