Servfail When Resolving certain domains

England, Robert (Robert) england at northamerica.exchange.agere.com
Mon Dec 10 21:05:52 UTC 2001 

I'm trying to figure out why our DNS servers are having intermittent
problems getting to a hand full of domains on a consistent basis. Below is
one of the domain names we continually have issues with. We run a BIND 8.2.4
environment.
 
We have email being queued because of host name lookup failure.
When we perform a DIG for the MX record against our DNS servers responsible
for external DNS resolution, they come back with the below message.
 
$ /usr/sbin/dig zaiqtech.com mx
 
; <<>> DiG 8.3 <<>> zaiqtech.com mx 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      zaiqtech.com, type = MX, class = IN
 
;; Total query time: 14 msec
;; FROM: rootdns2 to SERVER: default -- 192.19.192.102
;; WHEN: Mon Dec 10 15:06:49 2001
;; MSG SIZE  sent: 30  rcvd: 30
 
 
 
We then perform a DIG with the +norec option as noted below, and get the
following. The NS records of the name server for the domain we are looking
up.
Am I correct to say that the NS records that are returned below come from
the .com DNS servers as referrals? Are these the NS records registered with
Network Solutions?
 
 
$ /usr/sbin/dig zaiqtech.com mx +norec
 
; <<>> DiG 8.3 <<>> zaiqtech.com mx +norec 
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65486
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      zaiqtech.com, type = MX, class = IN
 
;; AUTHORITY SECTION:
zaiqtech.com.           21h51m26s IN NS  CONNACTIVITY.CONNACTIVITY.com.
zaiqtech.com.           21h51m26s IN NS  NS2.CONNACTIVITY.com.
 
;; ADDITIONAL SECTION:
CONNACTIVITY.CONNACTIVITY.com.  22m28s IN A  206.34.200.2
NS2.CONNACTIVITY.com.   1d4h8m24s IN A  206.34.200.3
 
;; Total query time: 9 msec
;; FROM: rootdns2 to SERVER: default -- 192.19.192.102
;; WHEN: Mon Dec 10 15:10:46 2001
;; MSG SIZE  sent: 30  rcvd: 120
 
 
 
The question I have is when our DNS servers try to find the MX records for
the zaiqtech.com domain name it is unsuccessful. How does that happen?
If the +norec allows DIG to perform a DNS query like our name servers,
doesn't our DNS servers get referred to the name servers listed above?
 
If I perform a dig against the name servers listed above with the +norec
option I get the following (below). I am able to find the MX records from
the name servers directly. 
 
How come our name servers do not seem to find the answer when they (should
be) quering the name servers of the zaiqtech.com domain listed above?  What
am I missing? 
 
Doesn't our name servers follow the referral to the name servers for the
zaiqtech.com domain?  If not then what is really happening? If someone can
help me figure this out, it should clear up things up, in my mind.
 
What I have been doing for now to get around this problem, is setting up
zone forwarding for the domains that continue to give us a problem. 
Why does querying our DNS server with zone forwarding configured work and
querying our DNS server without zone forward does not work?
 
I really need to understand what zone forwarding is doing that a standard
DNS query with out zone forwarding is not doing.
 
 
Thanks for the help
 
-Bob
 
 
 
$ /usr/sbin/dig zaiqtech.com mx +norec @206.34.200.2
 
; <<>> DiG 8.3 <<>> zaiqtech.com mx +norec @206.34.200.2 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36418
;; flags: qr ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      zaiqtech.com, type = MX, class = IN
 
;; ANSWER SECTION:
zaiqtech.com.           10h40m IN MX    10 mail.zaiqtech.com.
zaiqtech.com.           10h40m IN MX    20 mail2.zaiqtech.com.
 
;; ADDITIONAL SECTION:
mail.zaiqtech.com.      10h40m IN A     216.141.126.195
mail2.zaiqtech.com.     10h40m IN A     216.141.125.243
 
;; Total query time: 41 msec
;; FROM: rootdns2 to SERVER: 206.34.200.2
;; WHEN: Mon Dec 10 15:16:48 2001
;; MSG SIZE  sent: 30  rcvd: 105
 
$ /usr/sbin/dig zaiqtech.com mx +norec @206.34.200.3  
 
; <<>> DiG 8.3 <<>> zaiqtech.com mx +norec @206.34.200.3 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38910
;; flags: qr ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      zaiqtech.com, type = MX, class = IN
 
;; ANSWER SECTION:
zaiqtech.com.           10h40m IN MX    10 mail.zaiqtech.com.
zaiqtech.com.           10h40m IN MX    20 mail2.zaiqtech.com.
 
;; ADDITIONAL SECTION:
mail.zaiqtech.com.      10h40m IN A     216.141.126.195
mail2.zaiqtech.com.     10h40m IN A     216.141.125.243
 
;; Total query time: 40 msec
;; FROM: rootdns2 to SERVER: 206.34.200.3
;; WHEN: Mon Dec 10 15:17:37 2001
;; MSG SIZE  sent: 30  rcvd: 105

More information about the bind-users mailing list