Strange SERVFAIL issue
Stuart Gall
stuart at otenet.gr
Thu Aug 4 13:29:44 UTC 2011
Jagan thanks for your help.
I have resolved the problem, perhaps others will have the same issue.
Mandrivia configures bind with a bogon_acl config file which.....
// Filter out the bogon networks. These are networks
// listed by IANA as test, RFC1918, Multicast, experi-
// mental, etc. If you see DNS queries or updates with
// a source address within these networks, this is likely
// of malicious origin. CAUTION: If you are using RFC1918
// netblocks on your network, remove those netblocks from
// this list of blackhole ACLs!
so 109.0.0.0/8 was listed but no doubt due to the sacristy of IPV4 addresses many of the bogon networks are now valid.
cf http://www.team-cymru.org/Services/Bogons/changelog.html
On 4 Aug, 2011, at 10:31 AM, jagan padhi wrote:
> rndc flush to the problemetic domain
>
> On Thu, Aug 4, 2011 at 1:03 AM, Stuart Gall <stuart at otenet.gr> wrote:
> Thank you for your reply.
> My end (doing the lookup) is Mandriva 2009 bind-9.5.0-6mdv2009.0.i586
>
> I still can not resolve ONLY this domain ONLY from that system.
>
> On 3 Aug, 2011, at 8:26 PM, jagan padhi wrote:
>
>>
>> What is the OS details??
>>
>>
>> On Tue,What Jul 26, 2011 at 6:40 PM, Stuart Gall <stuart at otenet.gr> wrote:
>> Hello,
>> I have a caching nameserver setup it has been working for ages. Today I have a problem resolving a particular domain and I just cant see why there is a problem. (BIND 9.5.0-P2)
>>
>> It appears that ONLY I have a problem resolving this single domain !
>>
>>
>> [root at felix etc]# dig mx streetlightfilms.co.uk @localhost
>>
>> ; <<>> DiG 9.5.0-P2 <<>> mx streetlightfilms.co.uk @localhost
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36416
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;streetlightfilms.co.uk. IN MX
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Tue Jul 26 15:37:15 2011
>> ;; MSG SIZE rcvd: 40
>>
>>
>> Looking manually
>>
>>
>> [root at felix etc]# dig ns streetlightfilms.co.uk @ns1.nic.uk
>>
>> ; <<>> DiG 9.5.0-P2 <<>> ns streetlightfilms.co.uk @ns1.nic.uk
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57410
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;streetlightfilms.co.uk. IN NS
>>
>> ;; AUTHORITY SECTION:
>> streetlightfilms.co.uk. 172800 IN NS ns1.thisismyengine.net.
>> streetlightfilms.co.uk. 172800 IN NS ns2.thisismyengine.net.
>>
>> ;; Query time: 57 msec
>> ;; SERVER: 195.66.240.130#53(195.66.240.130)
>> ;; WHEN: Tue Jul 26 15:37:25 2011
>> ;; MSG SIZE rcvd: 94
>>
>> [root at felix etc]# dig mx streetlightfilms.co.uk @ns1.thisismyengine.net
>>
>> ; <<>> DiG 9.5.0-P2 <<>> mx streetlightfilms.co.uk @ns1.thisismyengine.net
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61932
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; QUESTION SECTION:
>> ;streetlightfilms.co.uk. IN MX
>>
>> ;; ANSWER SECTION:
>> streetlightfilms.co.uk. 14400 IN MX 10 mail.streetlightfilms.co.uk.
>>
>> ;; ADDITIONAL SECTION:
>> mail.streetlightfilms.co.uk. 14400 IN A 109.70.146.20
>>
>> ;; Query time: 60 msec
>> ;; SERVER: 109.70.146.20#53(109.70.146.20)
>> ;; WHEN: Tue Jul 26 15:37:34 2011
>> ;; MSG SIZE rcvd: 77
>>
>>
>> I can resolve other domains just fine. AFAIK I only get servfail on this particular domain.
>>
>> [root at felix etc]# dig google.co.uk @localhost
>>
>> ; <<>> DiG 9.5.0-P2 <<>> google.co.uk @localhost
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15330
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;google.co.uk. IN A
>>
>> ;; ANSWER SECTION:
>> google.co.uk. 207 IN A 74.125.232.116
>> google.co.uk. 207 IN A 74.125.232.112
>> google.co.uk. 207 IN A 74.125.232.113
>> google.co.uk. 207 IN A 74.125.232.114
>> google.co.uk. 207 IN A 74.125.232.115
>>
>> ;; AUTHORITY SECTION:
>> google.co.uk. 172707 IN NS ns3.google.com.
>> google.co.uk. 172707 IN NS ns4.google.com.
>> google.co.uk. 172707 IN NS ns1.google.com.
>> google.co.uk. 172707 IN NS ns2.google.com.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Tue Jul 26 15:37:42 2011
>> ;; MSG SIZE rcvd: 192
>>
>>
>> The query log gives
>> 26-Jul-2011 15:20:47.272 client 127.0.0.1#35060: query: streetlightfilms.co.uk IN NS +
>>
>>
>> My ISP can resolve the domain
>> [root at felix etc]# dig soa streetlightfilms.co.uk @195.170.2.2
>>
>> ; <<>> DiG 9.5.0-P2 <<>> soa streetlightfilms.co.uk @195.170.2.2
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34843
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;streetlightfilms.co.uk. IN SOA
>>
>> ;; ANSWER SECTION:
>> streetlightfilms.co.uk. 14400 IN SOA ns1.thisismyengine.net. hostmaster.streetlightfilms.co.uk. 2011012011 3600 900 604800 14400
>>
>> ;; Query time: 67 msec
>> ;; SERVER: 195.170.2.2#53(195.170.2.2)
>> ;; WHEN: Tue Jul 26 16:00:38 2011
>> ;; MSG SIZE rcvd: 109
>>
>>
>>
>>
>> How can I debug this further ?
>>
>> TIA
>> Stuart
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> --
> Stuart Gall
> ----------------------------------------------
> All of your mail are belong to us
>
>
>
>
>
--
Stuart Gall
----------------------------------------------
All of your mail are belong to us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110804/0a022219/attachment.html>
More information about the bind-users
mailing list