SERVFAIL from validating nameservers for &

Sam Wilson Sam.Wilson at
Fri Feb 6 10:14:30 UTC 2009

In article <gmg1b7$1q35$1 at>,
 Mark Andrews <Mark_Andrews at> wrote:

> In message <Prayer. at>, Chris 
> Thompson writes:
> > On Feb 5 2009, I wrote:
> > 
> > >DLV records for & are among the recent
> >additions to Using validating recursive nameservers
> > >running BIND 9.5.1-P1 (configured to trust, I get SERVFAILs
> > >looking things up in them, although not consistently. This doesn't
> > >happen with non-validating nameservers.
> > >
> > >I can't work out what is wrong with them. Does anyone else see the
> > >same effect?
> > 
> > More info about the "not consistently" bit. With nothing about
> > them in the cache ("rndc flushname") looking up SOA or
> > NS records for them gives SERVFAIL. But looking up A records does
> > not, and after that SOA and NS lookups work OK as well.
> > 
> > Hmmm...
> 	The TLD lies.  DNSSEC is doing exactly what it is
> 	supposed to do and is blocking ibad answers.

This may be coincidence but we had something similar with 
servers for a while yesterday - some of our caching servers would return 
SERVFAIL when looking up either a particular name,, or the NS records for  I was 
still baffled when it fixed itself.  Did anyone else notice anything 


More information about the bind-users mailing list