Resolver failures after stale-answer enabled
Blažej Krajňák
blazej.krajnak at gmail.com
Wed Oct 27 09:53:29 UTC 2021
Hello,
few days ago I updated our recursive resolvers at AS50242 from Debian
10 to 11 to be able to enable stale-answer afer Facebook incident.
However, today I got bug reports from customers. Their browser often
fail at page loading with DNS_PROBE_FINISHED_NXDOMAIN. After few
seconds (and after browser DNS re-query) page will load correctly. In
Bind9 log I see many of messages like:
Oct 27 11:34:13 srv-snv-production named[576109]:
configuration.ls.apple.com resolver failure, stale answer unavailable
Oct 27 11:34:13 srv-snv-production named[576109]: client
@0x7fc71806cd58 10.202.42.196#58876 (configuration.ls.apple.com): view
clients: query failed (SERVFAIL) for
configuration.ls.apple.com/IN/TYPE65 at query.c:5832
Oct 27 11:34:13 srv-snv-production named[576109]:
configuration.ls.apple.com resolver failure, stale answer unavailable
Oct 27 11:34:13 srv-snv-production named[576109]: client
@0x7fc7180715a8 10.202.42.196#49219 (configuration.ls.apple.com): view
clients: query failed (SERVFAIL) for configuration.ls.apple.com/IN/A
at query.c:5832
After I turned off stale-answer, problem looks to be resolved. I'm
attaching huge debug log of above failures - hope somebody will find
problem from this. The problematic query starts at 27-Oct-2021
11:34:13.858
https://drive.google.com/file/d/1qiyLa8CfNN54PUktth6R4kT8PpohNsde/view?usp=sharing
Linux srv-le-production 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1
(2021-09-30) x86_64 GNU/Linux
bind9/stable,now 1:9.16.15-1 amd64
Regards,
Blažej Krajňák
More information about the bind-users
mailing list