intermittent SERVFAIL on certain domains

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri Apr 12 09:46:47 UTC 2002 

Mark Frey <am335 at hwcn.org> wrote:

> Thanks Peter, I'd missed that the WorldChat NS's were CNAMES.  

> It's not my domain though - we just have trouble receiving mail from
> it on and off as my own nameserver gets goofed up, but only
> occasionally.

> Do you think that the fact that their NS records point at CNAMES is
> responsible for my named not being able to resolve them, but only
> rarely?  Mostly we have no problems with them.

No idea here. However breaking standards is a shure way of
recognizing a potential broken peer. And did'nt they 
use CNAME as RHS of the MX too ? I would personally stop digging
here and with for the offender to fix their gear.

> Mark.


> phn at icke-reklam.ipsec.nu wrote in message news:<a94fnp$e0k at pub3.rc.vix.com>...
>> Mark Frey <am335 at hwcn.org> wrote:
>> 
>> > I've seen SERVFAIL problems on certain domains on and off for quite a
>> > while on our caching nameserver.  I've read discussion here that it
>> > usually is caused by nameservers for the domain that have errors in
>> > the data or configuration and that don't return authoritative answers
>> > but this does not appear to be the case with this domain at this time.
>> >  Re-starting named will fix the problem.  Here's some exerpts from
>> > named_dump.db before and after, and some host queries with the
>> > recursion flag off.  Bind is version 9.2.0.
>>  
>> > While experiencing the problem, named has glue for the brcc.ca NS
>> > records but no authauthority.  After restarting, there is
>> > authauthority and no glue, and the domain resolves properly.
>> 
>> your RHS of your NS records are CNAME's . That's not allowed.
>> 
>> Use beta.worldchat.com and alpha.worldchat.com instead. Even better
>> try to find a third NS outside your LAN.
>> 
>> Then your SOA record contains no working contact address ( this will 
>> not make your dns broken but it will make it more difficult to
>> reach You in case needed, and is against standards)
>> 
>> Your MX record is also referencing a CNAME,which is illegal.
>> 
>> peter h
>>


-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.

More information about the bind-users mailing list