Intermittent "rcode = SERVFAIL" error on certain domains with BIND 4.9

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 2 22:53:31 UTC 2000 

I can resolve the MX record, but it took over 5 seconds. I suspect that other
nameservers are timing out intermittently. Also, all of the records in the response
had a TTL of 10 minutes, which exacerbates the problem by forcing other nameservers
to constantly resolve idmail.com all of the way from the "com" servers, adding
latency.

You might want to look at getting your domain served by faster and/or
better-connected servers, and/or getting the TTL's on those records up to something
a little more reasonable.


- Kevin

napier at NOTnapiersys.bc.ca wrote:

> Hello,
>
> I am runing a DNS on a Solaris 2.5 box, using BIND 4.9. It has worked
> without any problems for several years, however, recently I've noticed
> a problem.
>
> It is able, with the odd exception,  to resolve domain names, so I am
> pretty sure it is configured  correctly and is networked correctly.
>
> A few days ago, a user started complaining that sendmail was returning
> their email with
>
> >
> >   ----- Transcript of session follows -----
> >451 <xxx at idmail.com>... idmail.com: Name server timeout
> >Warning: message still undelivered after 4 hours
> >Will keep trying until message is 5 days old
> >Reporting-MTA: dns; myserver.mydomain.com
> >Arrival-Date: Thu, 27 Jul 2000 21:44:27 -0700 (PDT)
> >
> >Final-Recipient: RFC822; xxx at idmail.com
> >Action: delayed
>
> (the names have been changed to protect the innocent). I found that
> the nameserver was unable to resolve idmail.com.
>
> I did nslookups and was unable to resolve. However, checking other DNS
> serves on the Internet, they could resolve it. Note that this is the
> only domain that I have yet found that I cannot resolve. Going into
> nslookup:
>
> >Default Server:  myserver.mydomain.com
> >Address: 127.0.0.1
> >set db2
> >> idmail.com
> >Server:  myserver.mydomain.com
> >Address:  xxx.xxx.xxx.xxx
>
> >;; res_nmkquery(QUERY, idmail.com, IN, A)
> >------------
> >Got answer:
> >    HEADER:
> >        opcode = QUERY, id = 23708, rcode = SERVFAIL
> >        header flags:  response, want recursion, recursion avail.
> >        questions = 1,  answers = 0,  authority records = 0,  additional = 0
>
> >    QUESTIONS:
> >        idmail.com, type = A, class = IN
>
> >------------
> >;; res_nmkquery(QUERY, idmail.com.mydomain.com, IN, A)
> >------------
> >Got answer:
> >    HEADER:
> >        opcode = QUERY, id = 23709, rcode = NXDOMAIN
> >        header flags:  response, auth. answer, want recursion, recursion avail.
> >        questions = 1,  answers = 0,  authority records = 1,  additional = 0
>
> >    QUESTIONS:
> >        idmail.com.mydomain.com, type = A, class = IN
> >    AUTHORITY RECORDS:
> >    ->  mydomain.com
> >        ttl = 86400 (1D)
> >        origin = myserver.mydomain.com
> >        mail addr = me.myserver.mydomain.com
> >        serial = 2790551582
> >        refresh = 10800 (3H)
> >        retry   = 3600 (1H)
> >        expire  = 604800 (1W)
> >        minimum ttl = 86400 (1D)
>
> >------------
> >*** myserver.mydomain.com can't find idmail.com: Non-existent host/domain
>
> Here are the nslookup options:
>
> >Set options:
> >  debug         defname         search          recurse
> >  nod2            novc            noignoretc      port=53
> >  querytype=A     class=IN        timeout=5       retry=2
> >  root=a.root-servers.net.
> >  domain=mydomain.com
> >  srchlist=mydomain.com
>
> So ... can anyone explain why just my DNS fails on just a few domains
> and not others, while other DNS's resolve just fine?
>
> >; res_nmkquery(QUERY, idmail.com, IN, A)
> >------------
> >Got answer:
> >    HEADER:
> >        opcode = QUERY, id = 4134, rcode = NOERROR
> >        header flags:  response, want recursion, recursion avail.
> >        questions = 1,  answers = 1,  authority records = 2,  additional = 2
>
> >    QUESTIONS:
> >        idmail.com, type = A, class = IN
> >    ANSWERS:
> >    ->  idmail.com
> >        internet address = 199.60.228.51
> >        ttl = 300 (5M)
> >    AUTHORITY RECORDS:
> >    ->  idmail.com
> >        nameserver = NS1.DIRECT.CA
> >        ttl = 124677 (1d10h37m57s)
> >    ->  idmail.com
> >        nameserver = NS2.DIRECT.CA
> >        ttl = 124677 (1d10h37m57s)
> >    ADDITIONAL RECORDS:
> >    ->  NS1.DIRECT.CA
> >        internet address = 199.60.229.4
> >        ttl = 180 (3M)
> >    ->  NS2.DIRECT.CA
> >        internet address = 199.60.229.2
> >        ttl = 180 (3M)
>
> >------------
> >Non-authoritative answer:
> >Name:    idmail.com
> >Address:  199.60.228.51
>
> Also, of interst, I tried to upgrade to BIND 8 at one point, but I
> found the version I tried to  be buggy on Solaris 2.5.
>
>                                         Regards,
>
> Duncan (Remove the NOT from my email address if replying by email)..

More information about the bind-users mailing list