servfail response message question

Barry Margolin barmar at
Wed Jun 26 14:24:24 UTC 2013

In article <mailman.668.1372206152.20661.bind-users at>,
 RYAN CHERVENKA <ryan_chervenka at> wrote:

> I currently have a domain authoritative on my Ubuntu server and 
> it is delegating to my load balancer.Ý is a 
> CNAME for www.gslb.example.comÝ has an NS record pointing to 
> the LB

Client sends query for to Ubuntu DNS server. The 
> Ubuntu DNS server sends a query to the load balancer for 
> and the LB responds to the Ubuntu DNS server with the right A record in the 
> answer section. However, the Ubuntu server responds to the client with 
> servfail.Ý

When I look at the pcap from the Ubuntu server, the LB is 
> responding to it with the correct IP but the dig response from the Ubuntu 
> server to the client shows "no servers could be reached" when I dig against 
> the Ubuntu. I also see the same message in the dns response in the pcap 
> (obviously).

Ryans-MacBook-Pro:~ ryanc$ dig @ <-me 
> querying the Ubuntu for

; <<>> DiG 9.8.3-P1 <<>> @ 
; (1 server found)
;; global options: +cmd
;; connection 
> timed out; no servers could be reached

Do you have any ideas as to why this 
> is happening?

Ryan Chervenka

Why is the Ubuntu server sending the query to the LB at all? To emulate 
how a caching server works, you should be sending queries WITHOUT the RD 
flag, so the Ubuntu server should return a delegation to the LB, and 
then the caching server should query the LB.

Regarding the problem as you state it, is the LB responding 

Barry Margolin
Arlington, MA

More information about the bind-users mailing list