SERVFAIL for some domains on some servers

Oliver Henriot Oliver.Henriot at imag.fr
Tue Mar 2 09:58:03 UTC 2010


Dear Stéphane,

In his great wisdom, Stephane Bortzmeyer wrote, on 01/03/10 11:44:
> On Sat, Feb 27, 2010 at 06:51:44PM +0100,
>   Oliver Henriot<Oliver.Henriot at imag.fr>  wrote
>   a message of 104 lines which said:
>
>> but my computing skills are scarce and I still have a lot to learn.
>
> For instance, that you should always use real names
> <http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames>

Thanks for the info. Corrected in my reply to Sten Carlsen's message.
#joke mode on: If you have any questions concerning global tectonics and 
space geodesy, ask me; for computing, ask someone else.#joke mode off

>
>> - servers "2", "3" and "4" : slaves for my domain, recursion allowed for
>> all, official resolvers for my clients, same configuration on all 3.
>
> Bad setup: you should really completely separate authoritative and
> recursive services.

No doubt. As soon as I have the time I'll follow your guidelines 
(http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html and 
http://www.afnic.fr/actu/nouvelles/general/NN20060404) I read a while ago.

>
>> Setup is DiG 9.3.6-P1 on CentOS 5.4.
>
> That's a very old version.

Yes, but it's the one packaged in CentOS and unfortunately I don't have 
the time or the leisure to maintain hand built versions yet.

>
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37397
>
> And the log?

I log severity info (which is pretty general) for these categories:
         category default { general-log; default_syslog; };
         category security { security-log; default_syslog; };
         category config { config-log; default_syslog; };
         category client { client-log; default_syslog; };
         category config { config-log; default_syslog; };
         category client { client-log; default_syslog; };
         category notify { notify-log; default_syslog; };
         category xfer-in { xfer-log; default_syslog; };
         category xfer-out { xfer-log; default_syslog; };
         category lame-servers { null; };

(I tried logging lame servers and gave up...)

but nothing shows up when carrying out the failed request. I even tried 
debug level and it gave nothing when I did:

dig www.labanquepostale.fr @129.88.30.10

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.labanquepostale.fr @129.88.30.10
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35429
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.labanquepostale.fr.                IN      A

;; Query time: 1513 msec
;; SERVER: 129.88.30.10#53(129.88.30.10)
;; WHEN: Tue Mar  2 10:51:46 2010
;; MSG SIZE  rcvd: 40


Thanks for your help (and for your work on DNS in general).

Best regards,

Oliver
