Understanding SERVFAIL (for google)

Bill Moseley moseley at hank.org
Thu Mar 31 05:55:20 UTC 2005

On Thu, Mar 31, 2005 at 03:27:19PM +1000, Mark Andrews wrote:
> 	If you want to be secure with externally accessable components
> 	then keeping them up to date is generally the best policy.
> 	Named, I am sure, is inspected by black hats at every release
> 	for fixes that may expose remote holes.  While we also do
> 	this and issue advisaries when we find something, we won't
> 	guarantee that we havn't missed a case.  Staying up to date
> 	limits your exposure.

Makes sense.  I know my machines are updated within a very short time
of receiving any Debian security announcements.  But I don't like
running the old code.  I do run a few backports on Stable, but I'm
always worried that something will conflict when they get updated.

We have all been waiting for a new Stable release.

> > Are you saying that the problem I'm seeing is due to running Debian's
> > version of Bind?  Or just that the version in Debian Stable is not capable
> > of debugging the problem?

> 	Well there are bug fixes in there that may fix your problem.

Can I ask a bit more generic question and forget about the versions for
now?  I'll assume that my specific problem is related to a bug in the
version I'm running.

In general, if dig shows SERVFAIL are there specific options that will
help detail why that's being reported?

Bill Moseley
moseley at hank.org

More information about the bind-users mailing list