Server failed Errors from the Outside

Bill Chatfield bill.chatfield at
Sun Nov 28 00:36:26 UTC 1999

I am having a problem resolving host names on our network from the
outside.  By this I mean when you use a name server other than our own
primary name server to resolve names in our domain.  I call these
"indirect" queries because the outside name server has to ask a root
name server for our name server's address and then contact our name
server.  Technically this is a recursive lookup, but "indirect" makes
much more sense to me because "recursive" is too vague to convey any
useful information.

I am using bind 4.9.3 P1 on Solaris 2.5.1.  I have applied the current
patch, 103663-15, from Sun.  I have installed bind 8.2.2 P5 and it has
the same problem.  I have been over the config files many times and can
find no errors in them.

All host names resolve correctly as long as you are on a machine in our
domain,, resolving names using our primary name
server.  The problem only occurs when you use a name server other than
our primary.

Sometimes a particular subset of our host names will resolve from the
outside and the rest will not resolve.  They return a "Server failed"
error with nslookup.  After some unknown period of time, the subset
changes.  Other hosts will resolve and others won't.

I have set up an additional name server (Red Hat Linux 6.0, bind 8.2,
hereafter called "test") on our network so that I can test "indirect"
queries to our primary name server, because this is the only time the
error occurs.

I have figured out that if I specify a TTL value of 0 in the SOA record
for the domain in the primary name server, restart the test name server,
and run indirect queries through the test name server, the problem does
not occur.  So, I think it has something to do with the cache.

With a normal TTL value (after a restart), the test name server will
indirectly resolve the first host name I ask it to resolve.  It is a
caching only name server and is supposed to ask our primary name server
(through a root name server) for all host names on
Every host name query after the first results in a "Server falied"
error.  Running snoop on the primary name server, I can see that the
test name server never contacts the primary name server for all lookups
following the first one.  It does contact the primary for the first
lookup.  It always contacts a root name server.

I've found the debug output of named to be impossible to read, but I
have seen ncache messages indicating that negative responses are being

I've attached the db file for

You can test this situation by doing this:


which will work every time. is our primary name server.
Then try this:


One of those at any given time will not work, even though they are valid
names.  You can substitue or your name server for  gumby has the name server I set up to run tests.

I really have no clue why this is happening.  I'm hoping you can help.
If you need any additional information, let me know and I'll provide
it.  Thanks.

Bill Chatfield - Vice President of Technology - NetCommunity
bill.chatfield at
670 Harmon Avenue, Columbus, Ohio 43223
Phone: (614) 228-9977, FAX: (614) 228-2115

-- Attached file included as plaintext by Listar --
-- File:

; ---------------------------------------------------------------------------
; This table was created by Bill Haase Internet Media Properties on Jan 27, 1998
; Emergency Contact is Bill Haase, Pager (614) 731-9033 Mobile (614) 207-4257
; ---------------------------------------------------------------------------


@       IN SOA (
          1999112701   ; serial
               86400   ; refresh
               21600   ; retry
              604800   ; expire
                   0 ) ; TTL minimum
; TTL minimum use to be 86400

		IN NS	
		IN NS	
		IN NS	
; ------------------------------------------------------------------------
;	IN MX 10
jhad			IN A
bodasheck		IN A
burnbaby		IN A
sales			IN A
ns1			IN A
simba			IN A
zuul			IN A
winnt2			IN A
winnt3			IN A
pokey			IN A
gumby			IN A
winnt1			IN A
hal			IN A
yaldwan			IN A
www		     	IN A
ftp			IN CNAME
pulsar			IN CNAME
mail			IN CNAME
dev			IN CNAME
; ------------------------------------------------------------------------
; Test sites currently on gumby.
; ------------------------------------------------------------------------
test.grangeinsurance	IN A
test.gtgi		IN A
test.netcommunity	IN A
test.securitydocuments	IN A
test.trimsystems	IN A
test.flashpilot		IN A

More information about the bind-users mailing list