Periodic SERVFAIL for TLD .BY
Mark Andrews
marka at isc.org
Fri Apr 1 20:41:28 UTC 2022
Add a static-stub zone for .by which has the addresses of the nameservers for .by configured. This will break the stupid address fetching loop.
The real fix is for .by to use nameservers that are directly in .by or ones thot don’t require a loop to get there addresses.
--
Mark Andrews
> On 2 Apr 2022, at 07:10, Dzmitry Shykuts <dshykuts at gmail.com> wrote:
>
>
> Can anyone suggest something? Can someone tell me which server timeout? I would be very happy for any help!
>
> вт, 29 мар. 2022 г. в 17:02, Dzmitry Shykuts <dshykuts at gmail.com>:
>> Hello! Can anybody help me with periodic and critical for me SERVFAIL? Cannot determine the source of the problem.
>>
>> I have Debian 11.3 and BIND9 9.16.27 on it. There was no such problem earlier.
>>
>> I do request:
>>
>> <<>> DiG 9.16.27-Debian <<>> 103.by +trace
>> ;; global options: +cmd
>> . 518377 IN NS e.root-servers.net.
>> . 518377 IN NS a.root-servers.net.
>> . 518377 IN NS h.root-servers.net.
>> . 518377 IN NS k.root-servers.net.
>> . 518377 IN NS b.root-servers.net.
>> . 518377 IN NS i.root-servers.net.
>> . 518377 IN NS j.root-servers.net.
>> . 518377 IN NS d.root-servers.net.
>> . 518377 IN NS c.root-servers.net.
>> . 518377 IN NS m.root-servers.net.
>> . 518377 IN NS f.root-servers.net.
>> . 518377 IN NS g.root-servers.net.
>> . 518377 IN NS l.root-servers.net.
>> . 518377 IN RRSIG NS 8 0 518400 20220411050000 20220329040000 9799 . keszTJZg3TCzY3s4UyinKYe7VwZGGf/8kHoWzJ2Ab3n4ctBt8gtleqC0 UZqIIjc9Ez9srWGGeNn2gRUtB65QvL99oX5gD5VI6h1SY81OC0HcBx2c 80SZJ0s9qpNmkDDcp4EUNlgoheDkBAtB3MsIRIVA6T746gBthcVKLHxC rpOy7ELdgDtHwtq8jL5QIFae6QlIGuO95nflzk31VoL/yhCxvpzIXEfq QJlJQf21YJtAtYnY7vJJwuDVT20y/cj5W7PNxSkNLMoukqUXOeH/w2yB 0yNkwbKLBZUkyrE5tQmlq5AnScofbT7ffOYB9o9ug39DgCTcqSeNZDYX 0Gekmg==
>> ;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>>
>> by. 172800 IN NS dns5.tld.becloudby.com.
>> by. 172800 IN NS dns2.tld.becloudby.com.
>> by. 172800 IN NS dns3.tld.becloudby.com.
>> by. 172800 IN NS dns4.tld.becloudby.com.
>> by. 172800 IN NS dns1.tld.becloudby.com.
>> by. 86400 IN DS 495 13 2 2D14284F8E47B53F839BD8068D438680B4B6C7A645769C9D89B47DF0 C5359B7B
>> by. 86400 IN RRSIG DS 8 1 86400 20220411050000 20220329040000 9799 . IAk+oEOmuQVbb8RyxB9ML/GOwnLIaQdi0XMD8Y7san2AIx2lXeEZp3AV fNgYQfTnVrGyi3ylXNkVmQXnqDdrPK8iJu6mKvmaI40sQwv8xDyx5Fnz VaNHcY4+J3fQwSp+TrFxQuAlW3g3CFaUVNLk20V/TQUycVA75c+3TrW4 IQJ1aua0lDsG1JS7BigHryUH9Vy8nSyuikYOIiML0BTTTqFQN7yk4AiE 3gbYMuCsMHQKfAIXpswc/i1eGEW7yi5USnQqza4P2YEDrUhSUps5N2u5 /UwdS1BsmW17WZRbfDudeL4y471jwKhYgCCycGI1whtToDA452nvDJL2 it6mlg==
>> couldn't get address for 'dns5.tld.becloudby.com': failure
>> couldn't get address for 'dns2.tld.becloudby.com': failure
>> couldn't get address for 'dns3.tld.becloudby.com': failure
>> couldn't get address for 'dns4.tld.becloudby.com': failure
>> couldn't get address for 'dns1.tld.becloudby.com': failure
>> dig: couldn't get address for 'dns5.tld.becloudby.com': no more
>>
>> Request SERVFAILed. When I do "rndc flush" several times, the problem has gone for a while. After some time I get SERVFAIL again. Now I'm forwarding the zone to Google DNS and there is no such problem.
>>
>> There is a some debug log from BIND of the problem:
>>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220402/0868ec40/attachment.htm>
More information about the bind-users
mailing list