SERVFAIL - dig and host

Brett Morrow brett.morrow at noaa.gov
Fri Oct 31 01:41:05 UTC 2008


J
------Original Message------
From: Valentin Nechayev
Sender: bind-users-bounce at isc.org
To: bsfinkel at anl.gov
Cc: bind-users at isc.org
Subject: Re: SERVFAIL - dig and host
Sent: Oct 24, 2008 3:24 PM
>      desktop% dig igpp.ucla.edu
>      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
>      desktop% host igpp.ucla.edu
>      Host igpp.ucla.edu not found: 3(NXDOMAIN)
>      desktop%
> 
> When I do a "dig" and the result is SERVFAIL is there a way to determine
> exactly what is causing the SERVFAIL?  I looked in the query.c source,
> and I see that there are a number of cases that result in SERVFAIL.

Really, no way without searching inside DNS server state. This can be e.g.
slave zone which expired locally without possibility to transfer from
master, NSes pointing to invalid servers, etc. So, if you aren't 
administrator of this DNS server, ask the administrator. If you are
administrator, check zone state, inspect cache, make full search procedure
beginning from the root servers.

> Note that the "host" command returns NXDOMAIN.  I have not looked at
> the source for "host".  Is that command converting SERVFAIL to
> NXDOMAIN, or can the "host" command produce a SERVFAIL response?

Add -v option to host and check what does it print.


-netch-



Sent via who know where....From satimis at yahoo.com  Fri Oct 31 01:47:12 2008
Received: with ECARTIS (v1.0.0; list bind-users); Fri, 31 Oct 2008 01:47:12 +0000 (UTC)
Return-Path: <satimis at yahoo.com>
X-Original-To: bind-users at webster.isc.org
Received: from mx.isc.org (mx.isc.org [IPv6:2001:4f8:0:2::1c])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mx.isc.org", Issuer "ISC CA" (verified OK))
	by webster.isc.org (Postfix) with ESMTPS id 6983710E450
	for <bind-users at webster.isc.org>; Fri, 31 Oct 2008 01:47:12 +0000 (UTC)
	(envelope-from satimis at yahoo.com)
Received: from web35207.mail.mud.yahoo.com (web35207.mail.mud.yahoo.com [66.163.179.86])
	by mx.isc.org (Postfix) with SMTP id 6261C11402C
	for <bind-users at isc.org>; Fri, 31 Oct 2008 01:46:57 +0000 (UTC)
	(envelope-from satimis at yahoo.com)
Received: (qmail 38543 invoked by uid 60001); 31 Oct 2008 01:46:54 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=ZDpwDY0nyagS3fRG350kJYvQA8J1EWkMMRXUqkIULXtluixhQSW+4zBHHtIcfrQlVxZzLfheajr71hheoHbpahJXdAxlrG6xkyJLRFL1zCVCKOL0uaIUe4VlIpq07zyOx1iRGoCGuZgzf0NYnOWSbZPO0UJJhfdJ4CgdOMVaekY=;
X-YMail-OSG: flEGh4gVM1kMf.404EHWalTd0kKue.a2yFpY68rlRQha3roL3YcX1oAcQVMPXIfOxwhxB3av4D7_eRad14Y1o7YQEvtUPuuKBDWgEn.xih0_5fHxp09xEg0Y9NBq3QMvaxT8rcGddB4PWjs4CLnG63k2Ct7iOwlNLDBMokPSdd9v_DC9UUimMb1ONHatvsZfnoXLX74tNMeQj1uQ897.61F6lEeamOVnUw--
Received: from [220.232.213.178] by web35207.mail.mud.yahoo.com via HTTP; Fri, 31 Oct 2008 09:46:54 CST
Date: Fri, 31 Oct 2008 09:46:54 +0800 (CST)
From: Stephen Liu <satimis at yahoo.com>
Subject: About error/warning found on the server
To: bind-users at isc.org
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <857983.37905.qm at web35207.mail.mud.yahoo.com>
X-Spam-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,
	NORMAL_HTTP_TO_IP autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx.isc.org
Sender: bind-users-bounce at isc.org
Errors-to: bind-users-bounce at isc.org
Precedence: bulk
List-unsubscribe: <mailto:bind-users-request at isc.org?Subject=unsubscribe>
List-Id: <bind-users.isc.org>
X-List-ID: <bind-users.isc.org>

Hi folks,


I have checked the DNS server on;

http://www.intodns.com


and found following warning/error ;

(remark: postfix installed but NOT configured yet)


NS
2)
(i)	-	Glue for NS records
INFO: GLUE was not sent when I asked your nameservers for your NS
records.This is ok but you should know that in this case an extra A
record lookup is required in order to get the IPs of your NS records.
The nameservers without glue are:
208.109.255.22
216.69.185.22
You can fix this for example by adding A records to your nameservers
for the zones listed above.


On which file?  Thanks.



SOA
(i)	-	SOA record
The SOA record is:
Primary nameserver: ns43.domaincontrol.com
Hostmaster E-mail address: dns.jomax.net
Serial #: 2007111300
Refresh: 28800
Retry: 7200
Expire: 604800   1 weeks
Default TTL: 86400 


How to renew it?


MX
1)
MX CNAME Check  	
WARNING: CNAME was returned for the following MX records:
smtp.secureserver.net
The CNAME(s) that were returned are listed above. This is not ok per
the RFCs and can cause problems including mail being lost!


How to get this problem fixed?  On Registrar's website?  OR on the
server, which file?


2)
MX A request returns CNAME
WARNING: MX records points to a CNAME. CNAMEs are not allowed in MX
records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181
10.3. The problem MX record(s) are:
mailstore1.secureserver.net points to ['smtp.where.secureserver.net']
smtp.secureserver.net points to ['smtp.where.secureserver.net']
This can cause problems


Do I need take any action on it?  If YES then how?  TIA



3)
Reverse MX A records (PTR)
ERROR: No reverse DNS (PTR) entries. The problem MX records are:
178.213.232.220.in-addr.arpa -> no reverse (PTR) detected
You should contact your ISP and ask him to add a PTR record for your
ips


What is PTR record for ips?  Before asking IPS to take action anything
can I do on the server.  TIA


B.R.
Stephen

Send instant messages to your online friends http://uk.messenger.yahoo.com 


More information about the bind-users mailing list