SERVFAIL on IPv6 tunnelbroker network

Patrik alabard at gmail.com
Wed Jul 25 06:08:01 UTC 2018


Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump this
domain?
Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

//    include "/var/lib/samba/private/named.conf";

};


view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";
//    };
};


*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046




On Wed, Jul 25, 2018 at 8:05 AM Dns Admin <dnsadmdns at gmail.com> wrote:

> Hi Patrik,
>
> I don't see any SERVFAIL querying for this AAAA record. Maybe your
> "internal-enp1s0f3" view is configured to bump this domain?
>
> Kind Regards Peter
>
> dig aax-eu.amazon-adsystem.com aaaa
>
> ; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com aaaa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;aax-eu.amazon-adsystem.com.    IN      AAAA
>
> ;; AUTHORITY SECTION:
> aax-eu.amazon-adsystem.com. 60  IN      SOA     ns-924.amazon.com. root.amazon.com. 1532498091 3600 900 7776000 60
>
> ;; Query time: 67 msec
> ;; SERVER: 205.166.94.20#53(205.166.94.20)
> ;; WHEN: Wed Jul 25 05:59:58 UTC 2018
> ;; MSG SIZE  rcvd: 110
>
>
> On 25/07/2018 07:52, Patrik wrote:
>
> Hello!
>
> How are you?
> I started having a problem with BIND9. Something must have changed,
> because I start getting SERVFAIL a lot.
> Looks like this:
> 25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
>
> To me, it looks like the requests try the AAAA IPv6 addresses, but they
> are not in IPv6, and because of that it gives a SERVFAIL.
> Is there a way to give a priority to the BIND9 request before the IPv6 and
> first try the IPv4 and if there is no IPv4 result, then try IPv6? Because
> now, it gives a few SERVFAIL (I have to refresh the browser, to make it
> work to get), I guess, get the IPv4 if only works after a few refreshes.
> Even if I do a dig on it, it shows there is no AAAA:
> root@server:/etc/nginx/sites-enabled# dig aax-eu.amazon-adsystem.com
>
> ; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27021
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: e45e832118506bb5a0758eeb5b580e51c9b57c8a8d971011 (good)
> ;; QUESTION SECTION:
> ;aax-eu.amazon-adsystem.com. IN A
>
> ;; ANSWER SECTION:
> aax-eu.amazon-adsystem.com. 60 IN A 52.94.216.48
>
> ;; AUTHORITY SECTION:
> aax-eu.amazon-adsystem.com. 860 IN NS ns-921.amazon.com.
> aax-eu.amazon-adsystem.com. 860 IN NS ns-911.amazon.com.
> aax-eu.amazon-adsystem.com. 860 IN NS ns-932.amazon.com.
> aax-eu.amazon-adsystem.com. 860 IN NS ns-931.amazon.com.
> aax-eu.amazon-adsystem.com. 860 IN NS ns-912.amazon.com.
> aax-eu.amazon-adsystem.com. 860 IN NS ns-923.amazon.com.
>
> ;; Query time: 52 msec
> ;; SERVER: 192.168.78.20#53(192.168.78.20)
> ;; WHEN: Wed Jul 25 07:44:49 CEST 2018
> ;; MSG SIZE  rcvd: 232
>
> Is there any solution for this? It just started happening in the last week.
>
> *Patrik*
> WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
> <https://www.npmjs.com/%7Epatrikx3> | Corifeus <https://corifeus.com> | +36
> 20 342 8046
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
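
Added example (not part of the original post, and not BIND's own code): a small Python triage script that parses the "query failed" lines quoted above and counts them per view, query type and client address family. The regular expression is an assumption based only on the line format shown in the post; the sample input is the post's own log lines with the e-mail wrapping undone.

```python
import ipaddress
import re
from collections import Counter

# Assumed pattern, derived from the "query failed" lines shown in the post.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<addr>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"view (?P<view>[^:]+): query failed \((?P<rcode>[A-Z]+)\) "
    r"for (?P<name>\S+)/(?P<qclass>\w+)/(?P<qtype>\w+) at (?P<src>\S+)"
)

# Log lines from the post, one entry per line (e-mail wrapping undone).
SAMPLE = """\
25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
"""


def parse(text):
    """Yield one dict per 'query failed' line; any other line is skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["family"] = "IPv%d" % ipaddress.ip_address(rec["addr"]).version
            yield rec


def summarize(text):
    """Count failures per (view, qtype, rcode) and per client address family."""
    by_key, by_family = Counter(), Counter()
    for rec in parse(text):
        by_key[(rec["view"], rec["qtype"], rec["rcode"])] += 1
        by_family[rec["family"]] += 1
    return by_key, by_family


if __name__ == "__main__":
    by_key, by_family = summarize(SAMPLE)
    for (view, qtype, rcode), n in sorted(by_key.items()):
        print(f"{view:20} {qtype:5} {rcode:9} {n}")
    print(dict(by_family))
```

On the quoted lines every failure is an AAAA query, and the failures come from both views and from IPv4 and IPv6 clients alike, so the client's address family is not what separates failing queries from working ones.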