intermittent SERVFAIL on certain domains

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Thu Apr 11 16:58:27 UTC 2002


Mark Frey <am335 at hwcn.org> wrote:

> I've seen SERVFAIL problems on certain domains on and off for quite a
> while on our caching nameserver.  I've read discussion here that it
> usually is caused by nameservers for the domain that have errors in
> the data or configuration and that don't return authoritative answers
> but this does not appear to be the case with this domain at this time.
>  Re-starting named will fix the problem.  Here's some exerpts from
> named_dump.db before and after, and some host queries with the
> recursion flag off.  Bind is version 9.2.0.

> While experiencing the problem, named has glue for the brcc.ca NS
> records but no authauthority.  After restarting, there is
> authauthority and no glue, and the domain resolves properly.

your RHS of your NS records are CNAME's . That's not allowed.

Use beta.worldchat.com and alpha.worldchat.com instead. Even better
try to find a third NS outside your LAN.

Then your SOA record contains no working contact address ( this will 
not make your dns broken but it will make it more difficult to
reach You in case needed, and is against standards)

Your MX record is also referencing a CNAME,which is illegal.

peter h

> Any thoughts on what might have caused this situation?  Sorry for the
> long post.

> Mark.

> named returns SERVFAIL on brcc.ca

> Sendmail rejects mail from this domain. From sendmail syslogs:
>  reject=451 4.1.8 Domain of sender address x at brcc.ca does not resolve

> # host brcc.ca
> Host brcc.ca not found: 2(SERVFAIL)

> # host -a -r brcc.ca
> Trying "brcc.ca"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57508
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

> ;; QUESTION SECTION:
> ;brcc.ca.                       IN      ANY

> ;; AUTHORITY SECTION:
> brcc.ca.                23991   IN      NS      ns.worldchat.com.
> brcc.ca.                23991   IN      NS      ns2.worldchat.com.

> ;; ADDITIONAL SECTION:
> ns.worldchat.com.       96776   IN      A       204.138.239.60
> ns2.worldchat.com.      96776   IN      A       204.138.239.137

> Received 105 bytes from 127.0.0.1#53 in 243 ms


> Dumped named_dump.db earlier when named was returning SERVFAIL,
> pertinent entries:

> ; glue
> brcc.CA.		32687   NS      ns.worldchat.com.
> 			32687   NS      ns2.worldchat.com.
> ; authauthority
> worldchat.com.		8696    NS      ns.worldchat.com.
> 			8696    NS      ns2.worldchat.com.
> ; authanswer
> 			8696    A       204.138.239.60
> ; answer
> NS.worldchat.com.	105472  A       204.138.239.60
> ; answer
> NS2.worldchat.com.	105472  A       204.138.239.137


> Dumped named_dump.db after restarting named and letting sendmail
> resolve brcc.ca:

> ; authauthority
> brcc.ca.		85942   NS      ns.worldchat.com.
> 			85942   NS      ns2.worldchat.com.
> ; authanswer
> 			85942   A       204.138.239.60


> # host -a -r brcc.ca a.root-servers.net
> Trying "brcc.ca"
> Using domain server:
> Name: a.root-servers.net
> Address: 198.41.0.4#53
> Aliases:

> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10683
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6

> ;; QUESTION SECTION:
> ;brcc.ca.                       IN      ANY

> ;; AUTHORITY SECTION:
> ca.                     172800  IN      NS      CLOUSO.RISQ.QC.ca.
> ca.                     172800  IN      NS      NS2.UUNET.ca.
> ca.                     172800  IN      NS      RELAY.CDNNET.ca.
> ca.                     172800  IN      NS      RS0.NETSOL.COM.
> ca.                     172800  IN      NS      MERLE.CIRA.ca.
> ca.                     172800  IN      NS      NS3.UTORONTO.ca.

> ;; ADDITIONAL SECTION:
> CLOUSO.RISQ.QC.ca.      172800  IN      A       192.26.210.1
> NS2.UUNET.ca.           172800  IN      A       142.77.1.5
> RELAY.CDNNET.ca.        172800  IN      A       192.73.5.1
> RS0.NETSOL.COM.         172800  IN      A       216.168.224.206
> MERLE.CIRA.ca.          172800  IN      A       64.26.149.98
> NS3.UTORONTO.ca.        172800  IN      A       128.100.100.131

> Received 281 bytes from 198.41.0.4#53 in 140 ms

> # host -a -r brcc.ca ns2.uunet.ca
> Trying "brcc.ca"
> Using domain server:
> Name: ns2.uunet.ca
> Address: 142.77.1.5#53
> Aliases:

> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36649
> ;; flags: qr ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

> ;; QUESTION SECTION:
> ;brcc.ca.                       IN      ANY

> ;; ANSWER SECTION:
> brcc.ca.                86400   IN      NS      ns.worldchat.com.
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.

> ;; AUTHORITY SECTION:
> brcc.ca.                86400   IN      NS      ns.worldchat.com.
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.

> ;; ADDITIONAL SECTION:
> ns.worldchat.com.       170859  IN      A       204.138.239.60
> ns2.worldchat.com.      170859  IN      A       204.138.239.137

> Received 133 bytes from 142.77.1.5#53 in 68 ms

> # host -a -r brcc.ca ns.worldchat.com
> Trying "brcc.ca"
> Using domain server:
> Name: ns.worldchat.com
> Address: 204.138.239.60#53
> Aliases:

> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45242
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0

> ;; QUESTION SECTION:
> ;brcc.ca.                       IN      ANY

> ;; ANSWER SECTION:
> brcc.ca.                86400   IN      MX      5 mail.worldchat.com.
> brcc.ca.                86400   IN      NS      ns.worldchat.com.
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.
> brcc.ca.                86400   IN      A       204.138.239.60
> brcc.ca.                86400   IN      SOA     ns.worldchat.com.
> hostmaster.alpha. 2001092001 3600 900 1209600 43200

> ;; AUTHORITY SECTION:
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.
> brcc.ca.                86400   IN      NS      ns.worldchat.com.

> Received 190 bytes from 204.138.239.60#53 in 89 ms

> # host -a -r brcc.ca ns2.worldchat.com
> Trying "brcc.ca"
> Using domain server:
> Name: ns2.worldchat.com
> Address: 204.138.239.137#53
> Aliases:

> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52653
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0

> ;; QUESTION SECTION:
> ;brcc.ca.                       IN      ANY

> ;; ANSWER SECTION:
> brcc.ca.                86400   IN      SOA     ns.worldchat.com.
> hostmaster.alpha. 2001092001 3600 900 1209600 43200
> brcc.ca.                86400   IN      NS      ns.worldchat.com.
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.
> brcc.ca.                86400   IN      A       204.138.239.60
> brcc.ca.                86400   IN      MX      5 mail.worldchat.com.

> ;; AUTHORITY SECTION:
> brcc.ca.                86400   IN      NS      ns2.worldchat.com.
> brcc.ca.                86400   IN      NS      ns.worldchat.com.

> Received 190 bytes from 204.138.239.137#53 in 76 ms


-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.


More information about the bind-users mailing list