Cannot resolve outside my TLD - all others give SERVFAIL
Chris C
chrisc at optonline.net
Wed Apr 28 20:55:26 UTC 2010
Hello,
Has anyone run into something like this?
I am running the following version of Bind:
BIND 9.6.2-P1-RedHat-9.6.2-3.P1 built with
'--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu'
'--target=x86_64-redhat-linux' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
'--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static'
'--disable-openssl-version-check' '--with-dlz-ldap=yes'
'--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'CFLAGS= -O2 -g -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
'CXXFLAGS=-O2 -g -m64 -mtune=generic' 'FFLAGS=-O2 -g -m64
-mtune=generic' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux'
This instance is used as a caching resolver with blacklists. The
blacklists are fed what is basically a null.zone file, i.e.:
$TTL 86400              ; one day
@       IN SOA  dnsbl0.xxx.xxx. hostmaster.xxx.xxx. (
                2010030900      ; serial number YYMMDDNN
                28800           ; refresh 8 hours
                7200            ; retry 2 hours
                864000          ; expire 10 days
                86400 )         ; min ttl 1 day
        NS      dnsbl0.xxx.gov.
        NS      dnsbl1.xxx.gov.
        NS      dnsbl2.xxx.gov.
        A       127.0.0.3
*       IN A    127.0.0.3
There are approx. 172K zones for the blacklist.
Recently the system would give out SERVFAIL for all queries outside my
TLD. Anything inside my TLD works fine.
If I drop the blacklists (say to 50K), it works fine. I am trying to
find the magic number at which the failures start to occur, but the
daemon takes about 15-20 minutes to restart. I will post that once
obtained.
Here is the output:
# dig +trace @localhost www.google.com
; <<>> DiG 9.6.2-P1-RedHat-9.6.2-3.P1 <<>> +trace @localhost www.google.com
; (1 server found)
;; global options: +cmd
. 517976 IN NS d.root-servers.net.
. 517976 IN NS g.root-servers.net.
. 517976 IN NS k.root-servers.net.
. 517976 IN NS i.root-servers.net.
. 517976 IN NS a.root-servers.net.
. 517976 IN NS h.root-servers.net.
. 517976 IN NS e.root-servers.net.
. 517976 IN NS j.root-servers.net.
. 517976 IN NS f.root-servers.net.
. 517976 IN NS c.root-servers.net.
. 517976 IN NS b.root-servers.net.
. 517976 IN NS l.root-servers.net.
. 517976 IN NS m.root-servers.net.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 46 ms
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 11 ms
;; connection timed out; no servers could be reached
#
regards,
Chris
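As an added example (not part of the original post, and not BIND or dig code): a small Python parser for `dig +trace` output, run over the trace text posted above, that reports the last referral that came back and the step that got no reply. The function names and the wording of the verdict are my own; the trace text is copied from the post with the DiG banner lines omitted.

```python
"""Locate where a `dig +trace` run stops.

Added example for the bind-users post above; not part of the original
message and not BIND or dig code. Pure text processing, runs offline.
"""
import re
from dataclasses import dataclass, field

# One printed resource record: owner, TTL, class IN, type, rdata.
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
# The line dig prints after each response it received.
RECEIVED_RE = re.compile(
    r"^;; Received (\d+) bytes from ([0-9a-fA-F.:]+)#\d+\((\S+)\) in (\d+) ms$")
TIMEOUT = ";; connection timed out; no servers could be reached"


@dataclass
class Step:
    """One response in the trace and the server that sent it."""
    zone: str                                   # owner of the NS set: ".", "com.", ...
    nameservers: list = field(default_factory=list)
    answer: list = field(default_factory=list)  # non-NS RRs, i.e. a final answer
    size: int = 0
    server: str = ""
    server_ip: str = ""
    rtt_ms: int = 0


def parse_trace(text):
    """Return (steps, timed_out); every ';; Received' line closes one step."""
    steps, pending, timed_out = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == TIMEOUT:
            timed_out = True
            continue
        m = RR_RE.match(line)
        if m:
            pending.append(m.groups())          # (owner, ttl, type, rdata)
            continue
        m = RECEIVED_RE.match(line)
        if m:
            ns_rrs = [r for r in pending if r[2] == "NS"]
            steps.append(Step(
                zone=ns_rrs[0][0] if ns_rrs else "",
                nameservers=[r[3] for r in ns_rrs],
                answer=[r for r in pending if r[2] != "NS"],
                size=int(m.group(1)), server_ip=m.group(2),
                server=m.group(3), rtt_ms=int(m.group(4))))
            pending = []
    return steps, timed_out


def diagnose(text):
    """One-line verdict: last referral received, and what got no reply."""
    steps, timed_out = parse_trace(text)
    if not steps:
        return "no responses parsed"
    last = steps[-1]
    if last.answer:
        return f"resolved: {len(last.answer)} answer RR(s) from {last.server}"
    if timed_out:
        return (f"stopped after the '{last.zone}' referral ({len(last.nameservers)} NS, "
                f"{last.size} bytes from {last.server} {last.server_ip}); "
                f"the follow-up query to the '{last.zone}' nameservers got no reply")
    return f"trace ended after {len(steps)} referral(s) without a final answer"


# Trace text from the post above (DiG banner lines omitted).
TRACE = """\
. 517976 IN NS d.root-servers.net.
. 517976 IN NS g.root-servers.net.
. 517976 IN NS k.root-servers.net.
. 517976 IN NS i.root-servers.net.
. 517976 IN NS a.root-servers.net.
. 517976 IN NS h.root-servers.net.
. 517976 IN NS e.root-servers.net.
. 517976 IN NS j.root-servers.net.
. 517976 IN NS f.root-servers.net.
. 517976 IN NS c.root-servers.net.
. 517976 IN NS b.root-servers.net.
. 517976 IN NS l.root-servers.net.
. 517976 IN NS m.root-servers.net.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 46 ms
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 11 ms
;; connection timed out; no servers could be reached
"""

if __name__ == "__main__":
    print(diagnose(TRACE))
```

One caveat when reading the verdict: after the first query, `dig +trace` iterates from the client host itself rather than through the resolver at @localhost, and it uses the system resolver to look up addresses of nameserver names that did not arrive as glue. A trace that stops right after the com. referral therefore does not by itself separate "the host cannot reach the gtld servers" from "the local resolver could not look up the gtld server names"; a plain `dig @localhost www.google.com` (no +trace) and a direct `dig @a.gtld-servers.net www.google.com` are the two queries that tell those apart.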