BIND9 SERVFAIL on some .gov addresses
Ryan Novosielski
novosirj at umdnj.edu
Thu Feb 10 19:26:11 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
I am running into a problem with the Oracle Solaris-delivered BIND9
(BIND 9.6-ESV-R3) that I have running on four DNS servers. I have to
admit my BIND troubleshooting skills aren't what they could be, given
that the product normally "just works."
My issue is with looking up MX records specifically on some .gov
addresses. I would not be surprised if this is somehow EDNS/DNSSEC
related. Here is dig trace on the example:
; <<>> DiG 9.6-ESV-R3 <<>> MX health.nyc.gov +trace
;; global options: +cmd
. 187059 IN NS f.root-servers.net.
. 187059 IN NS m.root-servers.net.
. 187059 IN NS d.root-servers.net.
. 187059 IN NS b.root-servers.net.
. 187059 IN NS l.root-servers.net.
. 187059 IN NS g.root-servers.net.
. 187059 IN NS j.root-servers.net.
. 187059 IN NS a.root-servers.net.
. 187059 IN NS c.root-servers.net.
. 187059 IN NS k.root-servers.net.
. 187059 IN NS i.root-servers.net.
. 187059 IN NS e.root-servers.net.
. 187059 IN NS h.root-servers.net.
;; Received 336 bytes from 130.219.11.100#53(130.219.11.100) in 3 ms
gov. 172800 IN NS b.gov-servers.net.
gov. 172800 IN NS a.gov-servers.net.
;; Received 111 bytes from 192.33.4.12#53(c.root-servers.net) in 5 ms
nyc.gov. 86400 IN NS vwall1a.nyc.gov.
nyc.gov. 86400 IN NS vwall2a.nyc.gov.
nyc.gov. 86400 IN NS vwall3a.nyc.gov.
nyc.gov. 86400 IN NS vwall4a.nyc.gov.
;; Received 191 bytes from 209.112.123.30#53(b.gov-servers.net) in 71 ms
dig: isc_socket_create: address family not supported
I've read that I shouldn't let this error message lead me anywhere in
particular. Does anyone have some advice for where to start
troubleshooting? I've tried BIND elsewhere, no issues (though not the
same exact version). A dig +trace actually works from my laptop against
the server (but dig by itself returns no MX records).
Thank you in advance for suggestions. This one is causing some nasty
problems.
- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1UO9IACgkQmb+gadEcsb682QCaA0uPjJnQGxXOt/CUAXuYN+l2
VGEAoLOuqMQcJWurO8sCGNfrr3Oc/B0u
=Hq8W
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novosirj.vcf
Type: text/x-vcard
Size: 301 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110210/515c3142/attachment.vcf>
More information about the bind-users
mailing list