BIND 9 recursive queries returning SERVFAIL for 'legit' domain

Ondřej Surý ondrej at isc.org
Wed Jun 17 16:41:23 UTC 2020


Hi Ian,

the first thing you should do is to contact the zone owner to fix their nameservers/load-balancer. The zone/domain might be “legit”, but its nameservers are violating the DNS protocol. Maybe you won’t have to maintain a list of exceptions.

If that doesn’t work, this is the configuration option you are looking for: https://bind9.readthedocs.io/en/latest/reference.html?highlight=Cookie#server-statement-grammar

Ondrej
--
Ondřej Surý — ISC

> On 17 Jun 2020, at 17:22, Ian Springett <ian.springett at giacom.com> wrote:
> 
> 
> Hi
> I have an issue with BIND 9.14.11 and recursive queries to one particular domain. DIG result is SERVFAIL and ‘bad cookie’ is logged in /var/log/messages & /var/log/named.run
>  
> The domain has two DNS servers behind a load balancer which is causing the bad cookie result. Would this in itself be enough to cause the SERVFAIL and if so is there a way to have exceptions for known ‘good’ domains?
> Rgds
> Ian
>  
> Ian Springett
> Hosted Services Engineer
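An added example, not part of the original messages and not ISC's own configuration: a per-server exception of the kind the reply points to, shown beside the broader global setting it avoids. It assumes the option behind the linked "Cookie" search is `send-cookie`; the addresses are placeholders from the documentation range, standing in for the zone's two nameservers.

```conf
// named.conf fragment (added example, not from the thread).
// Assumption: the option meant by the linked page is send-cookie.
// 192.0.2.53 and 192.0.2.54 are placeholder addresses (RFC 5737).

// Too broad: stops sending DNS cookies to every server the resolver queries,
// giving up the cookie protection everywhere to work around one zone.
// options {
//     send-cookie no;
// };

// Narrow exception: only the authoritative servers that answer with bad cookies.
server 192.0.2.53 {
    send-cookie no;
};
server 192.0.2.54 {
    send-cookie no;
};
```

Run `named-checkconf` before reloading, and remove the entries once the zone owner has fixed the nameservers.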