Understanding query failed errors

Mark Andrews marka at isc.org
Sat Jun 3 00:12:43 UTC 2023 


> On 3 Jun 2023, at 07:04, Alex <mysqlstudent at gmail.com> wrote:
> 
> Hi,
> I'm using bind-9.18.15 on fedora37 and I'm trying to understand and troubleshoot some errors I'm receiving in the debug logs:
> 
> 31-May-2023 16:58:11.399 query-errors: info: client @0x7f8d18203b68 127.0.0.1#56268 (bounce.bwnews.bestwestern.com): query failed (SERVFAIL) for bounce.bwnews.bestwestern.com/IN/NS at ../../../lib/ns/query.c:7060

Looks like BestWestern can’t properly manage their DNS delegations.
At least you can call BestWestern and tell them that they have a problem.

The end of “dig +trace bwnews.bestwestern.com NS”. Notice that the SOA record
returned does not match the name of the zone delegated to the server.  It should
be a SOA record for "bwnews.bestwestern.com”, not “bestwestern.com”.

bestwestern.com. 172800 IN NS a28-67.akam.net.
bestwestern.com. 172800 IN NS a1-193.akam.net.
bestwestern.com. 172800 IN NS a11-64.akam.net.
bestwestern.com. 172800 IN NS a18-65.akam.net.
bestwestern.com. 172800 IN NS a5-64.akam.net.
bestwestern.com. 172800 IN NS a2-66.akam.net.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230607042542 20230531031542 46551 com. Ey3iLrAN1zryAogTCDsJsS4SZtSZOvlnU8TBWboJo/rK/HAIo3TkN7b4 BOCVXNfQD+kFYeMk7iaEN4KGip+4+xQazhlHot/NR2LVldJR7WJkgaWM QWfzZnUqDmGtCX0hGzb6GwMqgm2i1H6gUHUQnhMmdmw359X9zZ1DYTq7 uYjN21iCdRfwZeRrf/nXIfKhYtiDXnK3EmLfkzq7cpOZUg==
MR8E2U446ASB27NERO9ET0O2C6JN94LI.com. 86400 IN NSEC3 1 1 0 - MR8ECIIIQGKD1UP7OMINE4KFD6DCJ97D NS DS RRSIG
MR8E2U446ASB27NERO9ET0O2C6JN94LI.com. 86400 IN RRSIG NSEC3 8 2 86400 20230608054334 20230601043334 46551 com. ZzSE4DLIOJx+li2tTwlK6/P+sWKeotdlXM94kypI3FfJBCkY2yYyAFHO aUPdtwtoTvaqjrNuOCJT+44fnVmTzFIXIpPj8SS5fNLlKNRWAGQSLgQI x3W30Dg8k+n23mvQm9DN9iqb/6KOEYqzKCHmXfU9OU+aGZmNJ2kCzfAX 7BM5JgXnXnoRKLh/hpWAUVPBRvWSvkPcTbzxnp4ZxPnDiA==
;; Received 739 bytes from 192.41.162.30#53(l.gtld-servers.net) in 135 ms

bwnews.bestwestern.com. 3600 IN NS ns2.acoustic-adm.com.
bwnews.bestwestern.com. 3600 IN NS ns3.acoustic-adm.com.
bwnews.bestwestern.com. 3600 IN NS ns4.acoustic-adm.com.
bwnews.bestwestern.com. 3600 IN NS ns1.acoustic-adm.com.
;; Received 143 bytes from 95.100.168.64#53(a5-64.akam.net) in 507 ms

bestwestern.com. 900 IN SOA ns1.acoustic-adm.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Received 136 bytes from 2600:9000:5305:1100::1#53(ns1.acoustic-adm.com) in 268 ms

> 31-May-2023 16:58:11.536 query-errors: info: client @0x7f8d00a1d568 127.0.0.1#38026 (email.bestwesternrewards.com): query failed (SERVFAIL) for email.bestwesternrewards.com/IN/NS at ../../../lib/ns/query.c:7060
> 31-May-2023 17:12:22.905 query-errors: client @0x7f53d920e368 68.195.111.45#54508 (_dmarc.email.bestwesternrewards.com): query failed (SERVFAIL) for _dmarc.email.bestwesternrewards.com/IN/TXT at ../../../lib/ns/query.c:7060

The end of “dig _dmarc.email.bestwesternrewards.com +trace +all TXT”
email.bestwesternrewards.com is not properly delegated.
The delegated server is echoing back the AD bit.  

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1058
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 6985c5f106c0dc4ed5994526647a7fb5e764ecd9d5b481ee (good)
;; QUESTION SECTION:
;_dmarc.email.bestwesternrewards.com. IN TXT

;; AUTHORITY SECTION:
email.bestwesternrewards.com. 3600 IN NS ns1.acoustic-adm.com.
email.bestwesternrewards.com. 3600 IN NS ns4.acoustic-adm.com.
email.bestwesternrewards.com. 3600 IN NS ns2.acoustic-adm.com.
email.bestwesternrewards.com. 3600 IN NS ns3.acoustic-adm.com.

;; Query time: 259 msec
;; SERVER: 206.201.174.21#53(ns01.bestwestern.com) (UDP)
;; WHEN: Sat Jun 03 09:48:05 AEST 2023
;; MSG SIZE  rcvd: 177

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45439
;; flags: qr aa ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;_dmarc.email.bestwesternrewards.com. IN TXT

;; ANSWER SECTION:
_dmarc.email.bestwesternrewards.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:0c75d3ee540c669 at rep.dmarcanalyzer.com; ruf=mailto:0c75d3ee540c669 at for.dmarcanalyzer.com; fo=1;"

;; AUTHORITY SECTION:
bestwesternrewards.com. 172800 IN NS ns1.acoustic-adm.com.
bestwesternrewards.com. 172800 IN NS ns2.acoustic-adm.com.
bestwesternrewards.com. 172800 IN NS ns3.acoustic-adm.com.
bestwesternrewards.com. 172800 IN NS ns4.acoustic-adm.com.

;; ADDITIONAL SECTION:
ns1.acoustic-adm.com. 60 IN A 205.251.197.17
ns1.acoustic-adm.com. 60 IN AAAA 2600:9000:5305:1100::1
ns2.acoustic-adm.com. 60 IN A 205.251.198.78
ns2.acoustic-adm.com. 60 IN AAAA 2600:9000:5306:4e00::1
ns3.acoustic-adm.com. 60 IN A 205.251.194.123
ns3.acoustic-adm.com. 60 IN AAAA 2600:9000:5302:7b00::1
ns4.acoustic-adm.com. 60 IN A 205.251.192.237
ns4.acoustic-adm.com. 60 IN AAAA 2600:9000:5300:ed00::1

;; Query time: 246 msec
;; SERVER: 2600:9000:5306:4e00::1#53(ns2.acoustic-adm.com) (UDP)
;; WHEN: Sat Jun 03 09:48:05 AEST 2023
;; MSG SIZE  rcvd: 461

> 31-May-2023 17:12:22.921 query-errors: client @0x7f53d91aeb68 68.195.111.45#54508 (mail8140.bwnews.bestwestern.com): query failed (SERVFAIL) for mail8140.bwnews.bestwestern.com/IN/TXT at ../../../lib/ns/query.c:7060
> 31-May-2023 17:12:22.928 query-errors: client @0x7f53da5deb68 68.195.111.45#53653 (bounce.bwnews.bestwestern.com): query failed (SERVFAIL) for bounce.bwnews.bestwestern.com/IN/TXT at ../../../lib/ns/query.c:7060
> 
> Is Best Western actually having such DNS problems? Even just a simple "host" command shows something is wrong:
> 
> $ host mail8140.bwnews.bestwestern.com
> mail8140.bwnews.bestwestern.com has address 129.41.76.129
> Host mail8140.bwnews.bestwestern.com not found: 2(SERVFAIL)
> mail8140.bwnews.bestwestern.com mail is handled by 5 mail8140.bwnews.bestwestern.com.

Yes.  They need to get someone that can configure a server with the correct name
for the zone being delegated to it.  This is simply a matter of putting the correct
name into the configuration.  If you are delegating “bwnews.bestwestern.com” then
you add a zone called “bwnews.bestwestern.com”.  Simple.

> On another server, I'm receiving a bit more information:
> 31-May-2023 17:13:28.845 lame-servers: FORMERR resolving 'mail8140.bwnews.bestwestern.com/AAAA/IN': 205.251.194.123#53
> 31-May-2023 17:13:28.845 query-errors: client @0x7f655c820168 127.0.0.1#50563 (mail8140.bwnews.bestwestern.com): query failed (failure) for mail8140.bwnews.bestwestern.com/IN/AAAA at ../../../lib/ns/query.c:7779
> 
> What is the impact of these messages?
> 
> I'm also receiving many timeout problems.
> 
> 31-May-2023 17:00:51.990 query-errors: info: client @0x7f8d00a1b968 127.0.0.1#56239 (_dmarc.zoominfo.com): query failed (timed out) for _dmarc.zoominfo.com/IN/TXT at ../../../lib/ns/query.c:7779
> 31-May-2023 17:00:52.172 query-errors: info: client @0x7f8d00de5168 127.0.0.1#30280 (travel-assets.com.fresh30.spameatingmonkey.net): query failed (timed out) for travel-assets.com.fresh30.spameatingmonkey.net/IN/A at ../../../lib/ns/query.c:7779
> 31-May-2023 17:03:52.542 query-errors: client @0x7f53da961d68 68.195.111.45#50747 (31.57.89.167.bb.barracudacentral.org): query failed (timed out) for 31.57.89.167.bb.barracudacentral.org/IN/A at ../../../lib/ns/query.c:7779
> 
> I think the last two occur on multiple servers, leading me to believe they actually have a problem? Barracuda requires that you register your IP with them, and I've done that, but other queries with them work just fine, even from servers that aren't registered.
> 
> Could this be a bind tuning problem? Neither server where I ran these tests are having resource issues that I know of.
> 
> Any ideas on how to troubleshoot these to confirm it's not a problem with my own server would be greatly appreciated.
> 
> Thanks,
> Alex
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list