BIND9 SERVFAIL on some .gov addresses

Ryan Novosielski novosirj at umdnj.edu
Thu Feb 10 19:26:11 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I am running into a problem with the Oracle Solaris-delivered BIND9
(BIND 9.6-ESV-R3) that I have running on four DNS servers. I have to
admit my BIND troubleshooting skills aren't what they could be, given
that the product normally "just works."

My issue is with looking up MX records specifically on some .gov
addresses. I would not be surprised if this is somehow EDNS/DNSSEC
related. Here is dig trace on the example:

; <<>> DiG 9.6-ESV-R3 <<>> MX health.nyc.gov +trace
;; global options: +cmd
.                       187059  IN      NS      f.root-servers.net.
.                       187059  IN      NS      m.root-servers.net.
.                       187059  IN      NS      d.root-servers.net.
.                       187059  IN      NS      b.root-servers.net.
.                       187059  IN      NS      l.root-servers.net.
.                       187059  IN      NS      g.root-servers.net.
.                       187059  IN      NS      j.root-servers.net.
.                       187059  IN      NS      a.root-servers.net.
.                       187059  IN      NS      c.root-servers.net.
.                       187059  IN      NS      k.root-servers.net.
.                       187059  IN      NS      i.root-servers.net.
.                       187059  IN      NS      e.root-servers.net.
.                       187059  IN      NS      h.root-servers.net.
;; Received 336 bytes from 130.219.11.100#53(130.219.11.100) in 3 ms

gov.                    172800  IN      NS      b.gov-servers.net.
gov.                    172800  IN      NS      a.gov-servers.net.
;; Received 111 bytes from 192.33.4.12#53(c.root-servers.net) in 5 ms

nyc.gov.                86400   IN      NS      vwall1a.nyc.gov.
nyc.gov.                86400   IN      NS      vwall2a.nyc.gov.
nyc.gov.                86400   IN      NS      vwall3a.nyc.gov.
nyc.gov.                86400   IN      NS      vwall4a.nyc.gov.
;; Received 191 bytes from 209.112.123.30#53(b.gov-servers.net) in 71 ms

dig: isc_socket_create: address family not supported

I've read that I shouldn't let this error message lead me anywhere in
particular. Does anyone have some advice for where to start
troubleshooting? I've tried BIND elsewhere, no issues (though not the
same exact version). A dig +trace actually works from my laptop against
the server (but dig by itself returns no MX records).

Thank you in advance for suggestions. This one is causing some nasty
problems.
- -- 
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1UO9IACgkQmb+gadEcsb682QCaA0uPjJnQGxXOt/CUAXuYN+l2
VGEAoLOuqMQcJWurO8sCGNfrr3Oc/B0u
=Hq8W
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novosirj.vcf
Type: text/x-vcard
Size: 301 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110210/515c3142/attachment.vcf>


More information about the bind-users mailing list