SERVFAIL on Dig DKIM Record
kcd at chrysler.com
Thu Sep 24 16:41:05 UTC 2009
The info from the zone itself is always considered "better" than the
same information from a delegation, so named is going out and trying to
fetch it. When it encounters the SERVFAIL it passes it back to the invoker.
If you want to see the delegation record, put a +norec ("no recurse") on
the dig command line. That prevents it from going out and fetching anything.
> Thanks Kevin, but shouldn't I be able to get info from my DNS server
> for this record? I'm doing this and getting the SERVFAIL:
> dig @dns1.irides.com <http://dns1.irides.com> bh._domainkey.edweek.org
> <http://domainkey.edweek.org> NS
> On Thu, Sep 24, 2009 at 12:14 PM, Kevin Darcy <kcd at chrysler.com
> <mailto:kcd at chrysler.com>> wrote:
> pdns1.ultradns.net <http://pdns1.ultradns.net> is returning the
> $ dig bh._domainkey.edweek.org <http://domainkey.edweek.org> any
> @pdns1.ultradns.net <http://pdns1.ultradns.net>
> ; <<>> DiG 9.3.0 <<>> bh._domainkey.edweek.org
> <http://domainkey.edweek.org> any @pdns1.ultradns.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 384
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> I get the same thing for other types too (NS, TXT).
> So, either it's a problem that ultradns.net <http://ultradns.net>
> needs to correct, or the user gave you the wrong information.
> - Kevin
> brad wrote:
> A user recently asked me to add this record for them:
> bh._domainkey.edweek.org <http://domainkey.edweek.org>
> <http://domainkey.edweek.org> NS pdns1.ultradns.net
> <http://pdns1.ultradns.net> <http://pdns1.ultradns.net>
> I've done so, however, BIND is kicking out SERVFAILS when I
> dig it. I'm running 9.6.1-P1, do I need to add a setting for
> BIND to accept this subdomain delegation?
More information about the bind-users