SERVFAIL IPv6 debugging

Sanjai Gandhi K off53-del at supportgov.in
Fri Jan 20 03:58:00 UTC 2023


Hi Bruce,

Kindly check the actual root cause for this "SERVFAIL" error from the following log messages of your system.

/var/log/messages

With Regards.
K.Sanjai Gandhi.

----- Original Message -----
From: "Bruce Duncan" <Bruce.Duncan at ed.ac.uk>
To: bind-users at lists.isc.org
Sent: Wednesday, January 18, 2023 6:01:32 PM
Subject: SERVFAIL IPv6 debugging

Hi bind-users,

Apologies if this is inappropriate for this list. I am trying to debug a 
failure to resolve an external name.

It appears that when I try to resolve the name ec.europa.eu over IPv6 
using either dig +trace or with a caching named that it sometimes fails:

[nimbus]root: dig -6 ec.europa.eu

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> -6 ec.europa.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29328
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ec.europa.eu.            IN    A

;; Query time: 13 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jan 18 12:09:35 GMT 2023
;; MSG SIZE  rcvd: 41

Sometimes I need to rndc flush and try again a few times before it 
fails. The named log says:

2023-01-18T12:09:35.145500+00:00 nimbus named[11833]: client 
@0x7f35e6fec700 ::1#35963 (ec.europa.eu): view internet: query failed 
(SERVFAIL) for ec.europa.eu/IN/A at ../../../bin/named/query.c:8580

Various posts on the web suggest that query.c:8580 is related to dnssec 
validation, however even with dnssec turned off in /etc/named.conf the 
query still fails. I've tried setting rndc trace 9 but I get no more 
information about why the query has failed. Query logging is enabled but 
there is no information there either.

I suspect there is some misconfiguration of the domain. dig -6 +trace 
sometimes complains that it can't find an address for some servers, but 
I don't understand why this would make the query fail completely sometimes.

Any help appreciated!

Thanks,

Bruce
-- 
With Regards,
K.Sanjai Gandhi.
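
As an added example (not part of either message in this thread), the following sketch groups named "query failed" entries from a syslog file such as /var/log/messages by name, type, rcode and source location, to show whether the SERVFAIL responses concentrate on one name and one code path. The regular expression is modelled on the single log line quoted above; the function names and all sample lines other than the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout modelled on the one named log line quoted in the thread. The
# "@0x..." client pointer and the "view <name>:" part are treated as optional,
# which is an assumption about other builds and configurations.
QUERY_FAILED = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) named\[\d+\]: client "
    r"(?:@0x[0-9a-fA-F]+ )?(?P<client>\S+)#(?P<port>\d+) \([^)]*\): "
    r"(?:view (?P<view>\S+): )?"
    r"query failed \((?P<rcode>[A-Z]+)\) for "
    r"(?P<qname>\S+)/(?P<qclass>\w+)/(?P<qtype>\w+) "
    r"at (?P<src>\S+):(?P<line>\d+)\s*$"
)

def parse_query_failed(line):
    """Return the fields of a 'query failed' line as a dict, or None."""
    m = QUERY_FAILED.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Group failures by (qname, qtype, rcode, source file:line)."""
    groups = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "clients": set()})
    for raw in lines:
        rec = parse_query_failed(raw)
        if rec is None:
            continue  # not a "query failed" entry
        where = rec["src"].rsplit("/", 1)[-1] + ":" + rec["line"]
        g = groups[(rec["qname"], rec["qtype"], rec["rcode"], where)]
        g["count"] += 1
        g["first"] = g["first"] or rec["ts"]
        g["last"] = rec["ts"]
        g["clients"].add(rec["client"])
    return dict(groups)

# Constructed sample: entry 0 is the thread's log line rejoined onto one line;
# the other entries are made up for illustration.
SAMPLE = [
    "2023-01-18T12:09:35.145500+00:00 nimbus named[11833]: client @0x7f35e6fec700 ::1#35963 (ec.europa.eu): view internet: query failed (SERVFAIL) for ec.europa.eu/IN/A at ../../../bin/named/query.c:8580",
    "2023-01-18T12:11:02.004100+00:00 nimbus named[11833]: client @0x7f35e6fec700 ::1#41200 (ec.europa.eu): view internet: query failed (SERVFAIL) for ec.europa.eu/IN/A at ../../../bin/named/query.c:8580",
    "2023-01-18T12:12:40.500000+00:00 nimbus named[11833]: client @0x7f35e6fec700 192.0.2.10#5353 (host.example.com): view internet: query failed (SERVFAIL) for host.example.com/IN/AAAA at ../../../bin/named/query.c:8580",
    "2023-01-18T12:12:41.000000+00:00 nimbus named[11833]: received control channel command 'flush'",
]

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"])
    for key, g in ranked:
        print(g["count"], *key, g["first"], g["last"], sorted(g["clients"]))
```

To run it over a real file, pass `open("/var/log/messages")` to `summarize` in place of `SAMPLE`; entries that syslog or a mail client has wrapped across several lines must be rejoined first.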



