Stumped - SERVFAIL vs NOERROR?

Tony Finch dot at dotat.at
Wed Apr 27 13:45:58 UTC 2011


Karl Auer <kauer at biplane.com.au> wrote:
>
> Using our local caching, recursive BIND9 nameservers, we get SERVFAIL on
> a particular domain, namely "mailergoat.rsi.co.jp". But from other
> places, we get NOERROR (which is the correct answer, because there is a
> A record with that name). However, from some places outside our network
> we also get SERVFAIL.

The name servers for the zone mailergoat.rsi.co.jp are broken. They return
a nodata response with the wrong authority for all non-A non-TXT queries.
The SOA record owner name in the additional section of the reply should be
mailergoat.rsi.co.jp not rsi.co.jp. BIND requires that the SOA owner name
in a nodata response matches the zone name that BIND is expecting. This is
part of the logic it uses to tell the difference between various kinds of
negative responses (as in RFC 2308).

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.



More information about the bind-users mailing list