BIND servfail from caching server
Justin Krejci
jkrejci at usinternet.com
Thu Mar 3 22:37:36 UTC 2011
Forgot to additionally add that the only thing that showed up in the
logs was the query log entry, nothing else pertaining to the below query. I
also checked with tcpdump on the caching server that it was not sending
any queries towards the Earthlink IP addresses which makes sense given
that the SERVFAIL response comes back in <2 ms according to dig.
On Thu, 2011-03-03 at 16:29 -0600, Justin Krejci wrote:
> When doing a recursive query for MX supernet.com against a caching BIND
> server, the BIND server responds back with the answer. The TTL is 300.
>
> After the TTL expires the following recursive query for the same record
> returns a SERVFAIL from the caching server.
>
> If I do a +trace on the same query to the same caching server for the
> same data it is able to respond with the answer yet a standard recursive
> query still gives a SERVFAIL.
>
> Queries for other domains are working fine on this caching server. Other
> 3rd party DNS caching servers are responding fine for the same record
> above even after the TTL expires, tried @8.8.8.8 and @208.67.220.220
>
> If I flush the cache on the caching server it successfully returns the
> answer to the query but only for the TTL's life, then goes back to
> SERVFAIL again. (tried doing a full stop-and-start of named as well).
>
> This particular server is running BIND 9.7.0-P2 but this exact same
> behavior is also happening on a server running 9.5.1-P2.1 as well.
>
> So I noticed when doing a trace that the NS servers are different
> between the gtld and the actual authoritative servers.
>
> <snip>
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> ;; Received 502 bytes from 192.36.148.17#53(i.root-servers.net) in 2987 ms
>
> supernet.com. 172800 IN NS ns2.earthlink.net.
> supernet.com. 172800 IN NS ns3.earthlink.net.
> ;; Received 111 bytes from 192.54.112.30#53(h.gtld-servers.net) in 119 ms
>
> supernet.com. 300 IN MX 5 onemain-mx.earthlink.net.
> supernet.com. 3600 IN NS dns1.earthlink.net.
> supernet.com. 3600 IN NS dns2.earthlink.net.
> ;; Received 172 bytes from 207.217.120.43#53(ns3.earthlink.net) in 54 ms
>
>
>
> Is this just a bug that upgrading BIND will fix or is there something
> else going on here?
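
The NS difference noted in the quoted trace can be checked mechanically. The following is an added example, not part of the original post and not BIND code: it parses `dig +trace` text and reports zones whose NS set differs between the delegating server and a later responder. The function names are hypothetical, and the sample input is the excerpt quoted above with its wrapped lines rejoined.

```python
import re

# The +trace excerpt quoted in the message above, wrapped lines rejoined.
TRACE = """\
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
;; Received 502 bytes from 192.36.148.17#53(i.root-servers.net) in 2987 ms

supernet.com. 172800 IN NS ns2.earthlink.net.
supernet.com. 172800 IN NS ns3.earthlink.net.
;; Received 111 bytes from 192.54.112.30#53(h.gtld-servers.net) in 119 ms

supernet.com. 300 IN MX 5 onemain-mx.earthlink.net.
supernet.com. 3600 IN NS dns1.earthlink.net.
supernet.com. 3600 IN NS dns2.earthlink.net.
;; Received 172 bytes from 207.217.120.43#53(ns3.earthlink.net) in 54 ms
"""

NS_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+?#\d+\((\S+?)\)")

def ns_by_step(trace):
    """Return [(responder, {zone: set(ns names)})], one entry per +trace step."""
    steps, current = [], {}
    for raw in trace.splitlines():
        line = raw.strip()
        rr = NS_RR.match(line)
        if rr:
            current.setdefault(rr.group(1).lower(), set()).add(rr.group(2).lower())
        elif (got := RECEIVED.match(line)):
            # A "Received" line closes the step; records above it came from this server.
            steps.append((got.group(1), current))
            current = {}
    return steps

def delegation_mismatches(trace):
    """List zones whose NS set differs between an earlier and a later responder."""
    first_seen, found = {}, []
    for responder, zones in ns_by_step(trace):
        for zone, ns in zones.items():
            if zone not in first_seen:
                first_seen[zone] = (responder, ns)
            elif first_seen[zone][1] != ns:
                parent, parent_ns = first_seen[zone]
                found.append((zone, parent, sorted(parent_ns), responder, sorted(ns)))
    return found

if __name__ == "__main__":
    for zone, parent, p_ns, child, c_ns in delegation_mismatches(TRACE):
        print(f"{zone}: {parent} delegates to {p_ns}, {child} answers with {c_ns}")
```

The report only states that the two NS sets differ; whether that difference is what produces the SERVFAIL is the open question of the post.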