SERVFAIL?!

Jim Reid jim at mpn.cp.philips.com
Wed Aug 18 18:41:55 UTC 1999 

>>>>> "David" == David Brueckmann <brueckmann at mycontrol.de> writes:


    David> I have a customer with a mailserver (sendmail) connected
    David> via dialup running.

    David> I need the forwarders because these are the only
    David> nameservers this machine can reach.

Hmm. Forwarding isn't usually a good idea with a dial-up link, but if
that's all they've got......

    David> The problem is: Sometimes (every 4-5 days) there are many
    David> entries like

    David> named[130]: sysquery: findns error (SERVFAIL) on
    David> mailin01.btx.dtag.de?

    David> in my syslog and the machine dials up about 40 times per
    David> day.

    David> What is the problem?

The "findns error" means that your name server was unable to find any
name servers for the btx.dtag.de or maybe the dtag.de domains. [I'm
assuming that the .de name servers haven't vanished from the net.] Use
host or dig or nslookup - I can't be bothered - to find the NS records
for these domains and then resolve them to IP addresses. Then query
those IP addresses for stuff in the btx.dtag.de or dtag.de domains.
[Asking them for the MX and/or A records for mailin01.btx.dtag.de
would seem to be worthwhile.] This should identify where the broken
delegation occurred. These NS records either point at unresolvable
names or else they resolve to A records which don't run name servers
for one of the two domains.

Since your name server can't find name servers for these domains,
lookups for mailin01.btx.dtag.de fail. This might cause sendmail to
queue the mail and retry the delivery later. So the next time the
mail queue is run, sendmail looks up mailin01.btx.dtag.de, gets a
SERVFAIL error, and queues it again. That could explain 40 or so error
messages in the log. Or perhaps something at the customer's site is
trying to send 40 or so mail messages to mailin01.btx.dtag.de every 4
or 5 days....

To fix this, you need to find the broken delegation and get the
hostmaster for that domain to fix it so that the world can lookup
mailin01.btx.dtag.de successfully. It might also be possible to change
sendmail so that SERVFAIL errors from the DNS cause mail to be
bounced. There's bound to be an option somewhere in sendmail.cf to
switch this off or on. This might reduce the number of messages in the
logs.

More information about the bind-users mailing list