BIND servfail from caching server

Justin Krejci jkrejci at usinternet.com
Thu Mar 3 22:37:36 UTC 2011 

Forgot to additionally add that the only thing that showed up in the
logs was the query log entry, nothing else pertaining the below query. I
also checked with tcpdump on the caching server that it was not sending
any queries towards the Earthlink IP addresses which makes sense given
that the SERVFAIL response comes back in <2 ms according to dig.

On Thu, 2011-03-03 at 16:29 -0600, Justin Krejci wrote:
> When doing a recursive query for MX supernet.com against a caching BIND
> server, the BIND server responds back with the answer.  The TTL is 300.
> 
> After the TTL expires the following recursive query for the same record
> returns a SERVFAIL from the caching server.
> 
> If I do a +trace on the same query to the same caching server for the
> same data it is able to respond with the answer yet a standard recursive
> query still gives a SERVFAIL.
> 
> Queries for other domains are working fine on this caching server. Other
> 3rd party DNS caching servers are responding fine for the same record
> above even after the TTL expires, tried @8.8.8.8 and @208.67.220.220
> 
> If if flush the cache on the caching server it successfully returns the
> answer to the query but only for the up the TTL's life then goes back to
> SERVFAIL again. (tried doing a full stop-and-start of named as well).
> 
> This particular server is running BIND 9.7.0-P2 but this exact same
> behavior is also happening on a server running 9.5.1-P2.1 as well.
> 
> So I noticed when doing a trace that the NS servers are different
> between the gtld and the actual authoritative servers.
> 
> <snip>
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> ;; Received 502 bytes from 192.36.148.17#53(i.root-servers.net) in 2987
> ms
> 
> supernet.com.           172800  IN      NS      ns2.earthlink.net.
> supernet.com.           172800  IN      NS      ns3.earthlink.net.
> ;; Received 111 bytes from 192.54.112.30#53(h.gtld-servers.net) in 119
> ms
> 
> supernet.com.           300     IN      MX      5
> onemain-mx.earthlink.net.
> supernet.com.           3600    IN      NS      dns1.earthlink.net.
> supernet.com.           3600    IN      NS      dns2.earthlink.net.
> ;; Received 172 bytes from 207.217.120.43#53(ns3.earthlink.net) in 54 ms
> 
> 
> 
> Is this just a bug that upgrading BIND will fix or is there something
> else going on here?

More information about the bind-users mailing list