BIND9 SERVFAIL on some .gov addresses

[Ryan Novosielski]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/10/2011 04:19 PM, Chuck Swiger wrote:

> The adberr count looks like it can only be incremented by two code sections in lib/dns/resolver.c:
> 
>         if (result != ISC_R_SUCCESS) {
>                 if (result == DNS_R_ALIAS) {
>                         /*
>                          * XXXRTH  Follow the CNAME/DNAME chain?
>                          */
>                         dns_adb_destroyfind(&find);
>                         fctx->adberr++;
>                 }
>         }
> 
> [ ...and... ]
> 
>                         if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0)
>                                 fctx->lamecount++; /* cached lame server */
>                         else
>                                 fctx->adberr++; /* unreachable server, etc. */
> 
> This implies a connectivity issue between your client and the nyc.gov nameservers, I think.
> But there are local wizards lurking who are much more familiar with the code than I....

I would think so too except another one is dc.gov. It would strike me as
unlikely that I can't reach two .gov sites out of the blue. I sent a
note to our telecomm people too to see if they might see something on
the Firewall.

> For the other example:
> 
>>  resolver.c:3178 for idphdomain.idph.state.ia.us/MX in 30.000069: timed
>> out/success [domain:idphdomain.
>> idph.state.ia.us,referral:3,restart:4,qrysent:20,timeout:19,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
> 
> 
> I get no response either.  I'd imagine a delegation problem somewhere in the list of domains, although if you poke around, you can find servers which will answer and claim no MX records exist:

OK, thanks -- I did not carefully check other locations for that one.
Good to know that's not just me.

- -- 
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1UXrEACgkQmb+gadEcsb4dPQCfcrelZiF8TyT3BBZa1L4ERW7y
oPQAoLSR9pVFn7BBbb9nFfms5+l/MHqR
=pnvt
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novosirj.vcf
Type: text/x-vcard
Size: 301 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110210/8e44f3e9/attachment.vcf>