what should bind do after receiving a SERVFAIL

Holemans Wim wim.holemans at ua.ac.be
Tue Jun 17 18:46:53 UTC 2008

we have a problem reaching a domain www.deltapoint.be, which is a
webserver hosted by Combell. It seems there is something wrong with the
nameresolution, but i can't figure out if it is our nameserver (bind
9.2.4) or the authoritive server that is doing something wrong. 
The record www.deltapoint.be is a cname. 
the NS records for deltapoint.be point to ns3.combell.net and
If we use host or nslookup or dig without a TYPE option, the lookup
fails. If we specify the type=cname option, the query succeeds and the
entry is put into the cache and the host is 'known' to our users. 

I used dig on our nameserver and nslookup on windows (with a packet
capture) and server=ns3.combell.net and found the following : 
if i don't specify a type or set type=all, the combell server responds
with a SERVFAIL error but also contains the relevant CNAME information.
It seems as if bind sees the SERVFAIL info and stops the query, ignoring
the data in the RR records sent along. 

I did some google searches and looked at the Bind mailing list but can't
figure out what the expected behaviour should be. Should bind ignore the
SERVFAIL warning and use the extra info in the data to continue his
queries or is the responding nameserver making an error by sending a
SERVFAIL errorcode along the respons ? 

Is there an way to instruct bind to ignore these SERVFAIL messages if
the message also contains extra RRs that contain useful information ? 



Wim Holemans

NetworkServices Universiteit Antwerpen


More information about the bind-users mailing list