Strange SERVFAIL issue

Mark Andrews marka at isc.org
Fri Aug 5 00:08:15 UTC 2011 

In message <6439E580-7A85-4BE3-BF86-67977E1C09A4 at otenet.gr>, Stuart Gall writes
:
> Jagan thanks for your help.
> 
> I have resolved the problem, perhaps others will have the same issue.
> Mandrivia configures bind with a bogon_acl config file which..... 
> 
>     // Filter out the bogon networks.  These are networks
>     // listed by IANA as test, RFC1918, Multicast, experi-
>     // mental, etc.  If you see DNS queries or updates with
>     // a source address within these networks, this is likely
>     // of malicious origin. CAUTION: If you are using RFC1918
>     // netblocks on your network, remove those netblocks from
>     // this list of blackhole ACLs!
> 
> so 109.0.0.0/8 was listed but no doubt due to the sacristy of IPV4
> addresses many of the bogon networks are now valid.
> 
> cf http://www.team-cymru.org/Services/Bogons/changelog.html

Bogon filters are supposed to be updated regularly.  For IPv4 you
can assume that just about all IPv4 unicast space is now valid with
the exception of RFC 1918 addresses.

Also BIND 9.5.x has known security flaws in it and went end-of-life
a while ago so I would recommend upgrading.

Mark

> On 4 Aug, 2011, at 10:31 AM, jagan padhi wrote:
> 
> > rndc flush to the problemetic domain
> > 
> > On Thu, Aug 4, 2011 at 1:03 AM, Stuart Gall <stuart at otenet.gr> wrote:
> > Thank you for your reply.
> > My end (doing the lookup) is Mandriva 2009 bind-9.5.0-6mdv2009.0.i586
> > 
> > I still can not resolve ONLY this domain ONLY from that system.
> > 
> > On 3 Aug, 2011, at 8:26 PM, jagan padhi wrote:
> > 
> >> 
> >> What is the OS details??
> >> 
> >>  
> >> On Tue,What  Jul 26, 2011 at 6:40 PM, Stuart Gall <stuart at otenet.gr>
> wrote:
> >> Hello,
> >> I have a caching nameserver setup it has been working for ages. Today
> I have a problem resolving a particular domain and I just cant see why
> there is a problem. (BIND 9.5.0-P2)
> >> 
> >> It appears that ONLY I have a problem resolving this single domain !
> >> 
> >> 
> >> [root at felix etc]# dig mx streetlightfilms.co.uk @localhost
> >> 
> >> ; <<>> DiG 9.5.0-P2 <<>> mx streetlightfilms.co.uk @localhost
> >> ;; global options:  printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36416
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >> 
> >> ;; QUESTION SECTION:
> >> ;streetlightfilms.co.uk.                IN      MX
> >> 
> >> ;; Query time: 0 msec
> >> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >> ;; WHEN: Tue Jul 26 15:37:15 2011
> >> ;; MSG SIZE  rcvd: 40
> >> 
> >> 
> >> Looking manually
> >> 
> >> 
> >> [root at felix etc]# dig ns streetlightfilms.co.uk @ns1.nic.uk
> >> 
> >> ; <<>> DiG 9.5.0-P2 <<>> ns streetlightfilms.co.uk @ns1.nic.uk
> >> ;; global options:  printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57410
> >> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
> >> ;; WARNING: recursion requested but not available
> >> 
> >> ;; QUESTION SECTION:
> >> ;streetlightfilms.co.uk.                IN      NS
> >> 
> >> ;; AUTHORITY SECTION:
> >> streetlightfilms.co.uk. 172800  IN      NS
> ns1.thisismyengine.net.
> >> streetlightfilms.co.uk. 172800  IN      NS
> ns2.thisismyengine.net.
> >> 
> >> ;; Query time: 57 msec
> >> ;; SERVER: 195.66.240.130#53(195.66.240.130)
> >> ;; WHEN: Tue Jul 26 15:37:25 2011
> >> ;; MSG SIZE  rcvd: 94
> >> 
> >> [root at felix etc]# dig mx streetlightfilms.co.uk
> @ns1.thisismyengine.net
> >> 
> >> ; <<>> DiG 9.5.0-P2 <<>> mx streetlightfilms.co.uk
> @ns1.thisismyengine.net
> >> ;; global options:  printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61932
> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
> 1
> >> 
> >> ;; QUESTION SECTION:
> >> ;streetlightfilms.co.uk.                IN      MX
> >> 
> >> ;; ANSWER SECTION:
> >> streetlightfilms.co.uk. 14400   IN      MX      10
> mail.streetlightfilms.co.uk.
> >> 
> >> ;; ADDITIONAL SECTION:
> >> mail.streetlightfilms.co.uk. 14400 IN   A       109.70.146.20
> >> 
> >> ;; Query time: 60 msec
> >> ;; SERVER: 109.70.146.20#53(109.70.146.20)
> >> ;; WHEN: Tue Jul 26 15:37:34 2011
> >> ;; MSG SIZE  rcvd: 77
> >> 
> >> 
> >> I can resolve other domains just fine. AFAIK I only get servfail on
> this particular domain.
> >> 
> >> [root at felix etc]# dig google.co.uk @localhost
> >> 
> >> ; <<>> DiG 9.5.0-P2 <<>> google.co.uk @localhost
> >> ;; global options:  printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15330
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 0
> >> 
> >> ;; QUESTION SECTION:
> >> ;google.co.uk.                  IN      A
> >> 
> >> ;; ANSWER SECTION:
> >> google.co.uk.           207     IN      A       74.125.232.116
> >> google.co.uk.           207     IN      A       74.125.232.112
> >> google.co.uk.           207     IN      A       74.125.232.113
> >> google.co.uk.           207     IN      A       74.125.232.114
> >> google.co.uk.           207     IN      A       74.125.232.115
> >> 
> >> ;; AUTHORITY SECTION:
> >> google.co.uk.           172707  IN      NS      ns3.google.com.
> >> google.co.uk.           172707  IN      NS      ns4.google.com.
> >> google.co.uk.           172707  IN      NS      ns1.google.com.
> >> google.co.uk.           172707  IN      NS      ns2.google.com.
> >> 
> >> ;; Query time: 1 msec
> >> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >> ;; WHEN: Tue Jul 26 15:37:42 2011
> >> ;; MSG SIZE  rcvd: 192
> >> 
> >> 
> >> The query log gives
> >> 26-Jul-2011 15:20:47.272 client 127.0.0.1#35060: query:
> streetlightfilms.co.uk IN NS +
> >> 
> >> 
> >> My ISP can resolve the domain
> >> [root at felix etc]# dig soa streetlightfilms.co.uk @195.170.2.2
> >> 
> >> ; <<>> DiG 9.5.0-P2 <<>> soa streetlightfilms.co.uk @195.170.2.2
> >> ;; global options:  printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34843
> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >> 
> >> ;; QUESTION SECTION:
> >> ;streetlightfilms.co.uk.                IN      SOA
> >> 
> >> ;; ANSWER SECTION:
> >> streetlightfilms.co.uk. 14400   IN      SOA
> ns1.thisismyengine.net. hostmaster.streetlightfilms.co.uk. 2011012011
> 3600 900 604800 14400
> >> 
> >> ;; Query time: 67 msec
> >> ;; SERVER: 195.170.2.2#53(195.170.2.2)
> >> ;; WHEN: Tue Jul 26 16:00:38 2011
> >> ;; MSG SIZE  rcvd: 109
> >> 
> >> 
> >> 
> >> 
> >> How can I debug this further ?
> >> 
> >> TIA
> >> Stuart
> >> _______________________________________________
> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> >> 
> >> bind-users mailing list
> >> bind-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >> 
> > 
> > --
> > Stuart Gall
> > ----------------------------------------------
> > All of your mail are belong to us
> > 
> > 
> > 
> > 
> > 
> 
> --
> Stuart Gall
> ----------------------------------------------
> All of your mail are belong to us
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list