sporadic, noaa.gov SERVFAIL
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Tue Feb 3 18:38:28 UTC 2015
Which way did you configure your EDNS buffer size? I think there's a not-so-subtle difference between doing it in "options" _versus_ in a "server" clause (despite the "server" being defined as 0.0.0.0/0 or ::/0). "server" seems to only affect queries that named itself generates to nameservers, whereas the "options" settings seems to also affect what named will negotiate to when responding to clients.
EDNS buffer-size negotiation is point-to-point, not end-to-end. This might explain why your queries are working, with a smaller EDNS buffer size, on the nameserver-to-nameserver end of things, while at the same time you still see a 4096 buffer size for the client-to-resolver side.
- Kevin
-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Brad Bendily
Sent: Friday, January 30, 2015 5:33 PM
To: Mark Andrews
Cc: bind-users at lists.isc.org
Subject: RE: sporadic, noaa.gov SERVFAIL
For some reason, I had set:
"edns-udp-size 4096;"
I switched it to:
"edns-udp-size 1432;"
as you suggested and for now the problem appears to be resolved.
but the dig still shows "udp: 4096" which seems odd.
At least this lets me work for now until I can get the firewalls fixed upstream.
cs99la50:~ # dig www.nhc.noaa.gov
; <<>> DiG 9.9.4-P2 <<>> www.nhc.noaa.gov ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40890 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 3, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
Thanks
bb
-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org]
Sent: Thursday, January 29, 2015 5:24 PM
To: Brad Bendily
Cc: bind-users at lists.isc.org
Subject: Re: sporatic, noaa.gov SERVFAIL
In message <F5FC122448E1BA4A8D6D2119430B41D54724C782 at MAILMB06.swe.la.gov>, Brad Bendily writes:
> Doesn't succed all the way. so I assume somewhere up the chain,
> firewalls a= re either blocking=20 EDNS, or fragmenting the packets?
> Any way for me to pinpoint the specific firewall?
> We are an agency, behind another agency.=20 So I don't think it's our
> immediate hop, but was hoping I could point direc= tly to the problem
> router/firewall.
See if adding "+bufsize=1432" lets you get a response. This allows for a IPv4 in IPv6 or IPv6 in IPv4 tunnel without fragmention over Ethernet.
Named and dig will fallback to TCP if needed.
You can tell named to advertise this size with
edns-udp-size 1432;
or
server 0.0.0.0/0 { edns-udp-size 1432; };
server ::/0 { edns-udp-size 1432; };
for just IPv4 and IPv6 respectively. Longest match wins with server clauses so if you have more specific entries you will need to add this to them also.
I've got a broken NAT which doesn't handle out of order fragments so I use
server 0.0.0.0/0 { edns-udp-size 1432; };
The best solution however is to fix the firewall.
Mark
> dig +trace +all +dnssec www.nhc.noaa.gov
>
> ; <<>> DiG 9.9.6-P1 <<>> +trace +all +dnssec www.nhc.noaa.gov ;;
> global options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54198 ;; flags: qr
> ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 25
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;. IN NS
>
> ;; ANSWER SECTION:
> . 502864 IN NS g.root-servers.net.
> . 502864 IN NS j.root-servers.net.
> . 502864 IN NS a.root-servers.net.
> . 502864 IN NS m.root-servers.net.
> . 502864 IN NS c.root-servers.net.
> . 502864 IN NS l.root-servers.net.
> . 502864 IN NS i.root-servers.net.
> . 502864 IN NS b.root-servers.net.
> . 502864 IN NS f.root-servers.net.
> . 502864 IN NS e.root-servers.net.
> . 502864 IN NS k.root-servers.net.
> . 502864 IN NS h.root-servers.net.
> . 502864 IN NS d.root-servers.net.
> . 518385 IN RRSIG NS 8 0 518400 20150208170000 20
> 150129160000 16665 . wBP=
> +DfP/H1T7T267f+aUmqZFa6L0xAkPh2CGu1jQo8Z5+1kcchA6v0Ee
> +BFlVI90eFFgLrFJKugBq4=
> XozHW5Uj7HQHP9dPPI0W4z2u4380vM/Rdbq
> xRB8nesg66eWEghiocUvG2pUCIBfE60ReAu9lFk=
> tYTQWNHoSFOjMLhS0 1Fg=3D
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 502867 IN A 198.41.0.4
> a.root-servers.net. 502867 IN AAAA 2001:503:ba3e::2:30
> b.root-servers.net. 502867 IN A 192.228.79.201
> b.root-servers.net. 502867 IN AAAA 2001:500:84::b
> c.root-servers.net. 502867 IN A 192.33.4.12
> c.root-servers.net. 502867 IN AAAA 2001:500:2::c
> d.root-servers.net. 502867 IN A 199.7.91.13
> d.root-servers.net. 502867 IN AAAA 2001:500:2d::d
> e.root-servers.net. 502867 IN A 192.203.230.10
> f.root-servers.net. 502867 IN A 192.5.5.241
> f.root-servers.net. 502867 IN AAAA 2001:500:2f::f
> g.root-servers.net. 502867 IN A 192.112.36.4
> h.root-servers.net. 502867 IN A 128.63.2.53
> h.root-servers.net. 502867 IN AAAA 2001:500:1::803f:235
> i.root-servers.net. 502867 IN A 192.36.148.17
> i.root-servers.net. 502867 IN AAAA 2001:7fe::53
> j.root-servers.net. 502867 IN A 192.58.128.30
> j.root-servers.net. 502867 IN AAAA 2001:503:c27::2:30
> k.root-servers.net. 502867 IN A 193.0.14.129
> k.root-servers.net. 502867 IN AAAA 2001:7fd::1
> l.root-servers.net. 502867 IN A 199.7.83.42
> l.root-servers.net. 502867 IN AAAA 2001:500:3::42
> m.root-servers.net. 502867 IN A 202.12.27.33
> m.root-servers.net. 502867 IN AAAA 2001:dc3::35
>
> ;; Query time: 0 msec
> ;; SERVER: 10.120.11.85#53(10.120.11.85) ;; WHEN: Thu Jan 29 16:12:31
> CST 2015 ;; MSG SIZE rcvd: 913
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38806 ;; flags:
> qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> gov. 172800 IN NS a.gov-servers.net.
> gov. 172800 IN NS b.gov-servers.net.
> gov. 86400 IN DS 7698 8 1 6F109B46A80CEA9613DC86
> D5A3E065520505AAFE
> gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0
> 935763C8D003760384FF15EBB=
> D5CE86BB5 559561F0
> gov. 86400 IN RRSIG DS 8 1 86400 20150208170000 201
> 50129160000 16665 . uc=
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+5Ej6dOIjEdreiVp8Xqw5ro
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+fh4VmLa+/TvdwPLr2uZD=
> 5Cm7uPI5t+Ux477CYEaWGVQO5Jguc1xvwo/U
> 5Cm7uPI5t+lEoI177BjHdTM2PTrp+woZQp1SpIINIBidmidi=
> c3dPWuDLzQIGscFlVn S1I=3D
>
> ;; ADDITIONAL SECTION:
> a.gov-servers.net. 172800 IN A 69.36.157.30
> b.gov-servers.net. 172800 IN A 209.112.123.30
> a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30
>
> ;; Query time: 43 msec
> ;; SERVER: 193.0.14.129#53(193.0.14.129) ;; WHEN: Thu Jan 29 16:12:31
> CST 2015 ;; MSG SIZE rcvd: 395
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57350 ;; flags:
> qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1472 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> noaa.gov. 86400 IN NS ns-e.noaa.gov.
> noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> noaa.gov. 3600 IN DS 19789 5 1 F26B21B0C8365F80A8522
> 1BA8CC6DF40CC73B05B
> noaa.gov. 3600 IN DS 19789 5 2 ABA039285FD7FA9D26020
> 6DD4C12D93CE346644A753=
> 16A143A27883D E93FA35B
> noaa.gov. 3600 IN RRSIG DS 8 2 3600 20150205175724 2015
> 0129175724 4352 gov=
> . wB2UOo0xqtc9SX7uy4DiOlZkfret3kcdB9IDG93d5M28flNhhLnZSgSU
> K2ZFyjnlqb25k0Z8=
> uca2tSSpb8hOPldsvvKG8Rgs7x48+fgXciY2ovPn
> uca2tSSpb8hOPldsvvKG8Rgs7x48+mzKedfsgTVtXGgjZsLAVovTY2y3weio1YU=
> SEziLeM9++yaJ0REA6JiQq 3HM=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
>
> ;; Query time: 18 msec
> ;; SERVER: 209.112.123.30#53(209.112.123.30) ;; WHEN: Thu Jan 29
> 16:12:45 CST 2015 ;; MSG SIZE rcvd: 483
>
> ;; connection timed out; no servers could be reached
>
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]=20
> Sent: Thursday, January 29, 2015 3:38 PM
> To: Brad Bendily
> Cc: bind-users at lists.isc.org
> Subject: Re: sporatic, noaa.gov SERVFAIL
>
>
> Ensure your firewall passes fragmented UDP packets.
>
> dig +trace +all +dnssec www.nhc.noaa.gov
>
> should succeed. You will notice that the responses are large.
>
> Mark
>
> ; <<>> DiG 9.11.0pre-alpha <<>> +trace +all +dnssec www.nhc.noaa.gov
> ;; glo= bal options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41145 ;; flags: qr
> aa; =
> QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;. IN NS
>
> ;; ANSWER SECTION:
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS m.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN RRSIG NS 8 0 518400 20150208170000 20
> 150129160000 16665 . wBP=
> +DfP/H1T7T267f+aUmqZFa6L0xAkPh2CGu1jQo8Z5+1kcchA6v0Ee
> +BFlVI90eFFgLrFJKugBq4=
> XozHW5Uj7HQHP9dPPI0W4z2u4380vM/Rdbq
> xRB8nesg66eWEghiocUvG2pUCIBfE60ReAu9lFk=
> tYTQWNHoSFOjMLhS0 1Fg=3D
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Jan 30 08:35:07 EST 2015
> ;; MSG SIZE rcvd: 397
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37128 ;; flags:
> qr; QUE=
> RY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> gov. 172800 IN NS a.gov-servers.net.
> gov. 172800 IN NS b.gov-servers.net.
> gov. 86400 IN DS 7698 8 1 6F109B46A80CEA9613DC86
> D5A3E065520505AAFE
> gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0
> 935763C8D003760384FF15EBB=
> D5CE86BB5 559561F0
> gov. 86400 IN RRSIG DS 8 1 86400 20150208170000 201
> 50129160000 16665 . uc=
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+5Ej6dOIjEdreiVp8Xqw5ro
> jpVlvTDORdbUPC8Be67uAeVplPFOV5b+fh4VmLa+/TvdwPLr2uZD=
> 5Cm7uPI5t+Ux477CYEaWGVQO5Jguc1xvwo/U
> 5Cm7uPI5t+lEoI177BjHdTM2PTrp+woZQp1SpIINIBidmidi=
> c3dPWuDLzQIGscFlVn S1I=3D
>
> ;; ADDITIONAL SECTION:
> a.gov-servers.net. 172800 IN A 69.36.157.30
> b.gov-servers.net. 172800 IN A 209.112.123.30
> a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30
>
> ;; Query time: 180 msec
> ;; SERVER: 192.228.79.201#53(192.228.79.201) ;; WHEN: Fri Jan 30
> 08:35:07 E= ST 2015 ;; MSG SIZE rcvd: 395
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43552 ;; flags:
> qr; QUE=
> RY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1472 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; AUTHORITY SECTION:
> noaa.gov. 86400 IN NS ns-e.noaa.gov.
> noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> noaa.gov. 3600 IN DS 19789 5 1 F26B21B0C8365F80A8522
> 1BA8CC6DF40CC73B05B
> noaa.gov. 3600 IN DS 19789 5 2 ABA039285FD7FA9D26020
> 6DD4C12D93CE346644A753=
> 16A143A27883D E93FA35B
> noaa.gov. 3600 IN RRSIG DS 8 2 3600 20150205175724 2015
> 0129175724 4352 gov=
> . wB2UOo0xqtc9SX7uy4DiOlZkfret3kcdB9IDG93d5M28flNhhLnZSgSU
> K2ZFyjnlqb25k0Z8=
> uca2tSSpb8hOPldsvvKG8Rgs7x48+fgXciY2ovPn
> uca2tSSpb8hOPldsvvKG8Rgs7x48+mzKedfsgTVtXGgjZsLAVovTY2y3weio1YU=
> SEziLeM9++yaJ0REA6JiQq 3HM=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
>
> ;; Query time: 172 msec
> ;; SERVER: 69.36.157.30#53(69.36.157.30) ;; WHEN: Fri Jan 30 08:35:08
> EST 2=
> 015 ;; MSG SIZE rcvd: 483
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59153 ;; flags: qr
> aa; =
> QUERY: 1, ANSWER: 15, AUTHORITY: 4, ADDITIONAL: 13
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
> ;www.nhc.noaa.gov. IN A
>
> ;; ANSWER SECTION:
> www.nhc.noaa.gov. 300 IN CNAME edge-nws.woc.noaa.gov.
> www.nhc.noaa.gov. 300 IN RRSIG CNAME 5 4 300 20150205145231 20
> 150129145231 =
> 49680 nhc.noaa.gov.
> LRzPzZS3xkV21r3YDBiCXUvroMnuT2Fw7jzjlmpusRhP82Ai+XPftnu=
> K rmbu9pqIgIA28pe7wR8Sz61LEfhvNtGfS9JOMcMPxQmBlny6/JWSgwBF
> hlIhOqyRSktraXTT= J/n9sSqC3/QjKFs+dWTTrynTy2ZvfWscqL2KakaT
> pqcSrhDolgyDocqsExzgcWjyPYSHwR/rCM=
> CcCje5PXfY1GrzrQ/UUMe0
> rAr7kn6J1C0oDmUtbpIRYuqNQKwPp2EdIZ8akZmL151HDMcIlc2p=
> G+4X S5zdlMZ3lV/O8WC0E3Db31JIX1EmdjeSiUdhs7GmUC+XW496NdppsCo4
> G+6JL8LQ=3D=3D
> edge-nws.woc.noaa.gov. 300 IN CNAME edge-p1.l.noaa.gov.
> edge-nws.woc.noaa.gov. 300 IN RRSIG CNAME 5 4 300 201502051
> 45342 2015012914=
> 5342 41187 woc.noaa.gov.
> CgEHsTvz6Z+gE8AdDTL/Uy7KuDgtzBwwURLgvu9uBSG9vQD7/a=
> xDgnSy oJOJ/Ir2OlQQEQi7fInwllHLYqFEby8MhBM0ADnkROVP4ixzQdv3Kbj3
> d6ItRxGIzwz=
> fLEKOAkopeHsWiAy5Eepkeu3DNMyqxEi55AAATUzEJCN1
> aU9RZokNfmhkv9rKY+lJXUPnXtpoa=
> OASXs9S5hJoI1MVsQWjbYSkiBy7
> AnVYNTK8IlGnmk/pwIh9NVvygB2bcL0YIy8Cdvqv+7TdM3z=
> 4BfLl2T69 tAn7jdMRqDhEho9hdbw1BJqX2s3IBX9t83wZ9LgS+i/0nwXuGTmsPorZ
> ZHws6A= =3D=3D
> edge-p1.l.noaa.gov. 30 IN A 140.172.17.11
> edge-p1.l.noaa.gov. 30 IN A 140.172.17.21
> edge-p1.l.noaa.gov. 30 IN A 216.38.80.71
> edge-p1.l.noaa.gov. 30 IN A 216.38.80.81
> edge-p1.l.noaa.gov. 30 IN A 129.15.96.11
> edge-p1.l.noaa.gov. 30 IN A 129.15.96.21
> edge-p1.l.noaa.gov. 30 IN A 140.90.33.11
> edge-p1.l.noaa.gov. 30 IN A 140.90.33.21
> edge-p1.l.noaa.gov. 30 IN A 140.90.200.11
> edge-p1.l.noaa.gov. 30 IN A 140.90.200.21
> edge-p1.l.noaa.gov. 30 IN RRSIG A 5 4 30 20150205203218 2015012
> 9203218 5479=
> 5 l.noaa.gov. xhewX9CefTTIY4Hkic+g9CLZKDfiEVNwBFW6AH1M6JsZiH1qmXkddMOo
> N8rz= QxHVIoVMq27NnpBBRLzcNOqp6AlrxuA1VnCEtsWR3R9cvNSkU03N
> zrN7nzpdApGRT4T4Uyw6cF=
> TVPJQm8daZRhivqJ2Htgf+bZKB9Dj2yG9R
> TVPJQm8daZRhivqJ2Htgf+5ppoZpZ9Scf79n7Ul+Rt/beM7eZYmNsBBP0O2Kw+=
> e75hqySyB3plB70p
> 9hI1QJTsYTgTyCEt0IHu4oXLFpGIRltkEI7GJ13U7UlgPDJaY+OU3Rut 0=
> lL7V/xWhOabF17mAA+7J/eqYPKcAt/vE9e0tAyyc56791Nn+NCVir/z eolq0Q=3D=3D
>
> ;; AUTHORITY SECTION:
> l.noaa.gov. 86400 IN NS ns-mw.noaa.gov.
> l.noaa.gov. 86400 IN NS ns-nw.noaa.gov.
> l.noaa.gov. 86400 IN NS ns-e.noaa.gov.
> l.noaa.gov. 86400 IN RRSIG NS 5 3 86400 20150205203218 201
> 50129203218 5479=
> 5 l.noaa.gov. TxJ2hj2WgSC/rUoUboTxelNmPEyJYoDSuy7iBcmS3A6cCtEK5TU46R8g
> zFDR=
> 7beDuAiz8rgcef5gW9s8DW6CVvZ2Drw71edldQgVh5OjNgxoQED5
> jCexouzP0JajUI5BZqGMqs= 2l2mRdRXqrDMOky5mgctOD4HmqC4PfDwYs
> XxWJClW13J4YS/QkYB9IiHGWXLjYb+TvDyqRyxYP=
> ZAzLybfTLj+nMkky
> ZAzLybfTLj+O34ke7t87tM5aF1m8V7+E1hf8MJLqy+2HSJK9SUJeqZj2strYMNz9vP7 7=
> KP5wtbHCAe3qRELDSPj3/63L3gvNvVhLBhwUb4xSEhU7WWZgWHKbNfj w7Fx/Q=3D=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov. 86400 IN A 140.90.33.237
> ns-e.noaa.gov. 86400 IN AAAA 2610:20:8000:8c00::237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-mw.noaa.gov. 86400 IN AAAA 2610:20:8800:8c00::237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-nw.noaa.gov. 86400 IN AAAA 2610:20:8c00:8c00::2
> ns-e.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 45=
> 702 noaa.gov. fuCsyeBpUCiKExnAveteeEZttukTfrtFCPw9PUsE2/F7T1BiWUbpedsp
> zq57= wmrH4fc7Qe11h420poeK0nDMbQpwKfmQwRpMhCGEWG/ZgeK6PoXa
> uNH1YIf9giMGUn055trEvH=
> XRTcwsBZq8/CqfyeSHPjKd5QRoQGvEXoP1
> GGzrlINzlDNaExNmWJRBDC7q8uDRKRLC28fYBkOR=
> UK3z5+2HzqWrCeHi
> UK3z5+pjWRmyE53WTLwq/960YQ4S//bOlT6OBTzP2N7S9fhR7cIwvFBrgEuBqQ +=
> 1eNmCXqz6nDPmjqysjnI/wtb6d/HMYiJpXu07hcLiPQ9/4Z3+jbbGAQ k0ii8Q=3D=3D
> ns-e.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 20150129145234=
> 45702 noaa.gov.
> zy8WYbgybQ8ijOX7NuUmhl2nftvgytTeyv5ZQuIDfVvo2lWmnTQK51Mm Y=
> RZnRMfN/Sms5Hg3YN5HE3nVxXs6/OGx758DDPyleSygPAzzxDM5I7jf
> ZJNBOp3FH3hLh7fMhcT=
> 4zz5TycIWxwBjThYDU2Q7BGGykMLrJyz3W7d+ T2S2WzVCzbV5WdgnfQpf1bdYOi+UvNpd
> 4zz5TycIWxwBjThYDU2Q7BGGykMLrJyz3W7d+ T2S2WzVCzbV5WdgnfQpf1bdYOi+c2vBq
> 4zz5TycIWxwBjThYDU2Q7BGGykMLrJyz3W7d+ T2S2WzVCzbV5WdgnfQpf1bdYOi+=
> u96SOKKiCxHBuBQGoqO
> RfTo/qhMSIRR+gWfHm2uOweDzx8roD97AvJ0OuiUERYEnZ03JSYB/++=
> 9 fiMzz0Ke0nuChztkQYxx+EWeZQZx1ekE44+HwOZdXv7ksUJpEGCfpISI zoFOGg=3D=3D
> ns-mw.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 4=
> 5702 noaa.gov.
> dZ3g54AHjVYtJkMq+52Q2uvgu2lrtxtzFbwcWnaxBsE4lSsHpa0jTX3v hoE=
> Y96GbmBNR6oxuwV8Gr2KS576IULKvP4c5y6+LGtZsHXPWkIacQA0M
> Y96GbmBNR6oxuwV8Gr2KS576IULKvP4c5y6+uNSfnY6yYXMDJHjvdgGPF=
> tpo11akDgSFHWe8VxxHDnfGx9ZfLZq4Q1nB
> OAenmjRqr93FbKz2LbEGjHm3Rkou0bZgvR1hpeK=
> 0ElhkTn5aX8vscrgQ
> Tiw9K2u3aFuj+DFMb7w33W4WFCc1oUwULgg8sI5EjNHDHZRIFLdzJ4MC = AQuKw0Iet5el/2UmU4qv9u9zLCteQ4kALJuQ0hDQDYEHrNkPG+uvAhaD 0X9UZQ=3D=3D
> ns-mw.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 2015012914523=
> 4 45702 noaa.gov.
> zCbaVxy40gnAYAoC8qY9iWEzAlAkNwmDZhY+7BDgLb5DAYpAexoMlckq =
> FIISulHYwitORYGOkdLkM5odhoKXh7Znr+UE7OZ0eve6j0pehuP/X/Mp
> FIISulHYwitORYGOkdLkM5odhoKXh7Znr+N8tzccZc86sWzUSqqU=
> hV533FaCxkDhoB7WzRIoSLAwnDeFuH0NDMvgA0
> jZ+hCCC2lzI6GGO29PQ80EmFUd4vyBFLT1YO=
> bNEQwUE7EEZcRi4SIXGq
> JJFrlqhPSd2jhaSbNNwJJ4cckc94L1G4ujP1W+OIJLk1QIQ057ph+H=
> 71 jFNIfqesjAYEJaEB52WhzOkBl0ASdSBHznmYZkPLlE8mYbZfm7SgFFqY EpJHhw=3D=3D
> ns-nw.noaa.gov. 86400 IN RRSIG A 5 3 86400 20150205145
> 234 20150129145234 4=
> 5702 noaa.gov.
> 2q8ipHzvJFt+ST9w83x+CvgDcRjDKUpfnCcHQAPDxi1CKrj2slwq0cDc avK=
> kHpsSPJEfTfDe3/UXtFwJEyxYcLoVcHXL+Q8ITyabrOMbH0L0RPhR
> Ptpk3SIGU7kr1wi8qOGPd=
> /oFjbNqhtCqWRcsiMNySRerC4TsSTYdNe/3
> kNHubIeBaEF8BlJ3uI44rowGnEzmM5EOLfyZS5d=
> C5ZQIIO4uIf/F0uJy
> 3kcSh1X8XLcXapsZ9x6bRPct9A7ia3uFHrSMVGoC8lPnJdFRjYK3JKZn = fKxv6V8YjzL7vs1OoMhbjT4c6OrnpRDyeux7yZ/1cVGwfnj/UlrS5SXb vEAfpg=3D=3D
> ns-nw.noaa.gov. 86400 IN RRSIG AAAA 5 3 86400 20150205
> 145234 2015012914523=
> 4 45702 noaa.gov.
> szU3JWwU+AXmn2gZqgGgCBNOlVB1jrMRUuX277zCHa+KbstEX5DrkdGg =
> RWCwV91zhq9LzswfykGg4MRI3n1CuZj9G2u0YD8goF5inCSYgQrF14+Y
> RWCwV91zhq9LzswfykGg4MRI3n1CuZj9G2u0YD8goF5inCSYgQrF14+iNigxkHPEdYWyEQ
> RWCwV91zhq9LzswfykGg4MRI3n1CuZj9G2u0YD8goF5inCSYgQrF14+ZeO=
> v3jPm/nZDV9vHt8SxUxYVVEQ7Cbj9+rwxdY2n1
> PA5oc5On4yvKZt96Oy1igcxiWtby5uKDhlx1=
> e1DkoW0DFYZ5AAwF4nbQ
> iP5d/8qlJd8VpXigP9VxMlNtD9e1cTWgUwpv3iOEJpZRo1ey/4OfGu=
> vP I17k64Ex/3x5FAX12FTR3z5s51HGSCTguVVZgzJsvy0DrwCIL07xZOtG
> zRBEXQ=3D=3D
>
> ;; Query time: 265 msec
> ;; SERVER: 140.172.17.237#53(140.172.17.237) ;; WHEN: Fri Jan 30
> 08:35:08 E= ST 2015 ;; MSG SIZE rcvd: 3419
>
>
>
> In message
> <F5FC122448E1BA4A8D6D2119430B41D54724C677 at MAILMB06.swe.la.gov>, = Brad Bendily writes:
> > So, for a while we have had issues with resolving www.nhc.noaa.gov.
> >=20
> > In the past, a full restart of named fixed it for some amount of time.
> >=20
> > Last week I updated our named to 9.9.6-P1, so I assumed whatever
> >the=20 problem was would be resolved by this update. Apparently not.
> >=20
> > As you can see from the dig commands below. One resolves
> >correctly,=20 then 2 mi nutes later SERVFAIL. How can I troubleshoot this further?
> >=20
> > thanks
> > bb
> >=20
> > dr93la08:/var/lib/named/slave # dig www.nhc.noaa.gov
> >=20
> > ; <<>> DiG 9.9.6-P1 <<>> www.nhc.noaa.gov ;; global options: +cmd
> >;;=20 Got answ
> > er:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27700 ;; flags:
> >qr=20 rd ra;
> > QUERY: 1, ANSWER: 12, AUTHORITY: 2, ADDITIONAL: 4
> >=20
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION:
> > ;www.nhc.noaa.gov. IN A
> >=20
> > ;; ANSWER SECTION:
> > www.nhc.noaa.gov. 300 IN CNAME edge-nws.woc.noaa.gov.
> > edge-nws.woc.noaa.gov. 300 IN CNAME edge-p1.l.noaa.gov.
> > edge-p1.l.noaa.gov. 30 IN A 140.172.17.11
> > edge-p1.l.noaa.gov. 30 IN A 140.90.33.11
> > edge-p1.l.noaa.gov. 30 IN A 140.172.17.21
> > edge-p1.l.noaa.gov. 30 IN A 129.15.96.21
> > edge-p1.l.noaa.gov. 30 IN A 216.38.80.71
> > edge-p1.l.noaa.gov. 30 IN A 140.90.200.21
> > edge-p1.l.noaa.gov. 30 IN A 140.90.33.21
> > edge-p1.l.noaa.gov. 30 IN A 216.38.80.81
> > edge-p1.l.noaa.gov. 30 IN A 129.15.96.11
> > edge-p1.l.noaa.gov. 30 IN A 140.90.200.11
> >=20
> > ;; AUTHORITY SECTION:
> > gov. 172795 IN NS a.gov-servers.net.
> > gov. 172795 IN NS b.gov-servers.net.
> >=20
> > ;; ADDITIONAL SECTION:
> > a.gov-servers.net. 172795 IN A 69.36.157.30
> > a.gov-servers.net. 172795 IN AAAA 2001:500:4431::2:30
> > b.gov-servers.net. 172795 IN A 209.112.123.30
> >=20
> > ;; Query time: 3641 msec
> > ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29=20
> > 11:52:24 CST 2
> > 015 ;; MSG SIZE rcvd: 363
> >=20
> >=20
> >=20
> > dr93la08:/var/lib/named/slave # dig www.nhc.noaa.gov
> >=20
> > ; <<>> DiG 9.9.6-P1 <<>> www.nhc.noaa.gov ;; global options: +cmd
> >;;=20 Got answ er:k ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL,
> >id:=20
> > 64437 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,=20
> > ADDITIONAL: 1
> >=20
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION:
> > ;www.nhc.noaa.gov. IN A
> >=20
> > ;; Query time: 320 msec
> > ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29=20
> > 11:53:59 CST 2
> > 015 ;; MSG SIZE rcvd: 45
> >=20
> >=20
> > bb
> >=20
> > Brad Bendily
> > System Administrator
> > Northrop Grumman Corporation
> > Louisiana Dept. of
> > Children and Family Services
> > brad.bendily at la.gov
> > 225.342.6972
> >=20
> >=20
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to=20
> >unsubscribe from this list
> >=20
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list