rpz_rewrite(): failure

Darren Ankney darren.ankney at gmail.com
Wed May 10 10:31:27 UTC 2023


Hi Wilfred,

You might want to consider updating your BIND server.  The latest
9.18.x is 9.18.14.  There have been many fixes between 9.18.2 and
9.18.14 as can be seen here:
https://bind9.readthedocs.io/en/v9.18.14/notes.html  Also, when
testing, you may want to consider using dig as it provides far more
detail.  nslookup usage is no longer recommended as it has been
deprecated.

As to this specific issue, I'm not sure.  You might get more help from
others, however, if you share your configuration.  You can get a
configuration scrubbed of keys using `named-checkconf -px`.

Thank you,

Darren Ankney

On Tue, May 9, 2023 at 9:39 AM Wilfred Sarmiento via bind-users
<bind-users at lists.isc.org> wrote:
>
> Hi Bind Users,
>
> Anyone familiar with the error we encountered on DNS BIND 9.18.2 Ubuntu for DNS Caching, below?
>
> We are using RPZ for redirecting domains (porn sites) where we already have 20k+ entries.
> The domain (globem2m.com.ph) from the logs below is not in the RPZ list but was processed for RPZ QNAME rewrite, based on the logs, and a query to that domain results in SERVFAIL.
> The issue is isolated to several domains only including globem2m.com.ph, all other queries to different domains are successful.
>
> To resolve this issue, we have to flush cache or restart the BIND service.
>
> root@bind# nslookup globem2m.com.ph <server ip>
>
> ** server can't find globem2m.com.ph: SERVFAIL
>
> Trace logs:
>
> : query (cache) 'globem2m.com.ph/A/IN' approved
> : rpz QNAME rewrite globem2m.com.ph stop on qresult in rpz_rewrite(): failure
> : query failed (failure) for globem2m.com.ph/IN/A at query.c:7657
> fetch completed at resolver.c:4053 for globem2m.com.ph/A in 0.000000: failure/success [domain:com.ph,referral:0,restart:1,qrysent:0,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> : reset client
> : servfail cache hit globem2m.com.ph/A (CD=0)
> : query failed (SERVFAIL) for globem2m.com.ph/IN/A at query.c:6949
> : reset client
>
>
> Thank you,
> Wil
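
An added example, not part of either message in this thread: a Python sketch that groups the trace messages quoted above per query name, separating rpz_rewrite() failures from answers served out of the SERVFAIL cache and listing the non-zero fetch counters. The sample lines reuse the message text from the thread; the regular expressions and the `triage` helper are assumptions based only on that text, since the log prefix is not shown.

```python
import re
from collections import defaultdict

# Constructed sample: message text taken from the trace lines quoted in this
# thread; real named logs carry a timestamp/client prefix before the colon.
SAMPLE_LOG = """\
: query (cache) 'globem2m.com.ph/A/IN' approved
: rpz QNAME rewrite globem2m.com.ph stop on qresult in rpz_rewrite(): failure
: query failed (failure) for globem2m.com.ph/IN/A at query.c:7657
fetch completed at resolver.c:4053 for globem2m.com.ph/A in 0.000000: failure/success [domain:com.ph,referral:0,restart:1,qrysent:0,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
: reset client
: servfail cache hit globem2m.com.ph/A (CD=0)
: query failed (SERVFAIL) for globem2m.com.ph/IN/A at query.c:6949
: reset client
"""

# Patterns are anchored on the message text only (hypothetical helper names).
RPZ_FAIL = re.compile(r"rpz QNAME rewrite (\S+) stop on qresult in rpz_rewrite\(\): failure")
CACHE_HIT = re.compile(r"servfail cache hit (\S+)/(\S+) \(CD=\d\)")
FETCH = re.compile(r"fetch completed at \S+ for (\S+)/(\S+) in [\d.]+: (\S+) \[(.*)\]")


def triage(lines):
    """Group RPZ failures, SERVFAIL cache hits and fetch counters per name."""
    report = defaultdict(lambda: {"rpz_failures": 0, "servfail_cache_hits": 0,
                                  "fetch_results": [], "nonzero_counters": {}})
    for line in lines:
        if m := RPZ_FAIL.search(line):
            report[m.group(1)]["rpz_failures"] += 1
        elif m := CACHE_HIT.search(line):
            report[m.group(1)]["servfail_cache_hits"] += 1
        elif m := FETCH.search(line):
            entry = report[m.group(1)]
            entry["fetch_results"].append(m.group(3))
            for field in m.group(4).split(","):
                key, _, value = field.partition(":")
                # 'domain' holds a name; every other field is an integer counter.
                if key != "domain" and value.isdigit() and int(value):
                    entry["nonzero_counters"][key] = int(value)
    return dict(report)


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG.splitlines()).items():
        print(name, info)
```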