SERVFAIL

bsfinkel at anl.gov bsfinkel at anl.gov
Tue Sep 9 18:54:45 UTC 2008


In response to a posting "Re: Two DNS Servers inside a firewall"
Mark Andrews wrote on September 5:

> 	Below is a example of such a bad delegation.  The last SOA
> 	record should be owned by www.lawlink.nsw.gov.au not
> 	lawlink.nsw.gov.au.  It results in SERVFAIL being returned.
>
> 	Mark
>
>
> ; <<>> DiG 9.3.4-P1 <<>> aaaa www.lawlink.nsw.gov.au
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56606
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.lawlink.nsw.gov.au.		IN	AAAA
>
> ;; Query time: 63 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Sep  5 12:01:30 2008
> ;; MSG SIZE  rcvd: 40
>
> ; <<>> DiG 9.3.4-P1 <<>> www.lawlink.nsw.gov.au aaaa +trace
> ;; global options:  printcmd
> .			440024	IN	NS	h.root-servers.net.
> .			440024	IN	NS	d.root-servers.net.
> .			440024	IN	NS	g.root-servers.net.
> .			440024	IN	NS	i.root-servers.net.
> .			440024	IN	NS	b.root-servers.net.
> .			440024	IN	NS	l.root-servers.net.
> .			440024	IN	NS	m.root-servers.net.
> .			440024	IN	NS	e.root-servers.net.
> .			440024	IN	NS	f.root-servers.net.
> .			440024	IN	NS	a.root-servers.net.
> .			440024	IN	NS	j.root-servers.net.
> .			440024	IN	NS	c.root-servers.net.
> .			440024	IN	NS	k.root-servers.net.
> ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>
> au.			172800	IN	NS	ns1.audns.net.au.
> au.			172800	IN	NS	dns1.telstra.net.
> au.			172800	IN	NS	sec1.apnic.net.
> au.			172800	IN	NS	sec3.apnic.net.
> au.			172800	IN	NS	adns1.berkeley.edu.
> au.			172800	IN	NS	adns2.berkeley.edu.
> au.			172800	IN	NS	audns.optus.net.
> au.			172800	IN	NS	aunic.aunic.net.
> ;; Received 430 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 244 ms
>
> lawlink.nsw.gov.au.	3600	IN	NS	ns3.uecomm.net.au.
> lawlink.nsw.gov.au.	3600	IN	NS	ns1.uecomm.net.au.
> lawlink.nsw.gov.au.	3600	IN	NS	ns2.uecomm.net.au.
> ;; Received 105 bytes from 58.65.255.73#53(ns1.audns.net.au) in 42 ms
>
> www.lawlink.nsw.gov.au.	3600	IN	NS	ns1.lawlink.nsw.gov.au.
> www.lawlink.nsw.gov.au.	3600	IN	NS	ns2.lawlink.nsw.gov.au.
> ;; Received 108 bytes from 203.94.128.54#53(ns1.uecomm.net.au) in 39 ms
>
> lawlink.nsw.gov.au.	86400	IN	SOA	lawlink.nsw.gov.au. administrator.lawlink.nsw.gov.au. 998545544 28800 7200 604800 86400
> ;; Received 144 bytes from 203.3.186.53#53(ns1.lawlink.nsw.gov.au) in 32 ms


I have a user who cannot resolve

     www.flickr.com

The name server I am querying is 9.5.0-P1 (to be updated to a patched
P2 tomorrow).  When I query at one of the autoritative name servers,
I get:

     oberon% dig www.flickr.com @ns1.yahoo.com.

     ; <<>> DiG 8.3 <<>> www.flickr.com @ns1.yahoo.com.
     ; (1 server found)
     ;; res options: init recurs defnam dnsrch
     ;; got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
     ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5
     ;; QUERY SECTION:
     ;;      www.flickr.com, type = A, class = IN

     ;; ANSWER SECTION:
     www.flickr.com.         5M IN CNAME     www.flickr.vip.mud.yahoo.com.
     www.flickr.vip.mud.yahoo.com.  15M IN A  68.142.214.24

     ;; AUTHORITY SECTION:
     mud.yahoo.com.          2D IN NS        ns1.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns2.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns3.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns4.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns5.yahoo.com.

     ;; ADDITIONAL SECTION:
     ns1.yahoo.com.          2D IN A         66.218.71.63
     ns2.yahoo.com.          2D IN A         68.142.255.16
     ns3.yahoo.com.          2D IN A         217.12.4.104
     ns4.yahoo.com.          2D IN A         68.142.196.63
     ns5.yahoo.com.          30M IN A        119.160.247.124

     ;; Total query time: 64 msec
     ;; FROM: oberon.it.anl.gov to SERVER: ns1.yahoo.com.  66.218.71.63
     ;; WHEN: Tue Sep  9 13:25:03 2008
     ;; MSG SIZE  sent: 32  rcvd: 257

     oberon%

but a general query results in SERVFAIL:

     oberon% dig www.flickr.com

     ; <<>> DiG 8.3 <<>> www.flickr.com
     ;; res options: init recurs defnam dnsrch
     ;; got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
     ;; QUERY SECTION:
     ;;      www.flickr.com, type = A, class = IN

     ;; Total query time: 9 msec
     ;; FROM: oberon.it.anl.gov to SERVER: default -- 146.139.254.5
     ;; WHEN: Tue Sep  9 13:22:46 2008
     ;; MSG SIZE  sent: 32  rcvd: 32

     oberon%

I notice that when I query one of the authoritative name servers I
get

     ;; ANSWER SECTION:
     www.flickr.com.         5M IN CNAME     www.flickr.vip.mud.yahoo.com.
     www.flickr.vip.mud.yahoo.com.  15M IN A  68.142.214.24

     ;; AUTHORITY SECTION:
     mud.yahoo.com.          2D IN NS        ns1.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns2.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns3.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns4.yahoo.com.
     mud.yahoo.com.          2D IN NS        ns5.yahoo.com.

Is the SERVFAIL because I queried

     flickr.com

and the authority is

     mud.yahoo.com ?

If not, then why am I getting SERVFAIL?  Thanks.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994


More information about the bind-users mailing list