debug SERVFAIL

Per olof Ljungmark peo at intersonic.se
Sun Oct 2 17:07:49 UTC 2016


Hi,

On 2016-10-02 17:51, Anand Buddhdev wrote:
> On 02/10/16 17:22, Per olof Ljungmark wrote:
> 
> Hello Per,
> 
> Please see my answers below. You appear to have a bad configuration.

Well, HAD a bad configuration as I just posted.

>> Hmmm, looks like I've found something here. The default named.conf on
>> FreeBSD has the following section on the root servers. If I comment out
>> the "traditional" root hints and instead use what is recommended below,
>> all reverse lookups will generate a SERVFAIL.
>>
>> This is in the log:
>> zone in-addr.arpa/IN: refresh: non-authoritative answer from master
>> 192.5.5.241#53 (source 0.0.0.0#0)
> 
> This line indicates that your BIND server tried to XFR the in-addr.arpa
> zone from f.root-servers.net (192.5.5.241). However, none of the root
> servers are authoritative for the in-addr.arpa zone. Have you also
> configured your BIND server to slave this from 192.5.5.241? If so, then
> it's a misconfiguration.
> 
> I would also add that you should NOT slave the root and arpa zones,
> unless you fully understand what you're doing. I suggest that you stop
> doing it.

Already stopped, as I just wrote; it is not something we normally do either.

> Just use the "hint" type configuration. This is just fine for most users.

The interesting thing is why FreeBSD includes the recommendation in the
default named.conf if that is not good, and I thought it would be
interesting to know why.
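
Added example, not part of the original message or of BIND: a small log triage script that finds the "non-authoritative answer from master" refresh failures quoted above and groups them by zone and master, so a slave zone pointed at a server that is not authoritative for it stands out. The sample log is constructed; only the in-addr.arpa message text and the address 192.5.5.241 come from the thread.

```python
import re
from collections import Counter

# Logged by named when a zone refresh query to a configured master comes back
# without the AA (authoritative answer) flag, as in the line quoted above.
LAME_MASTER = re.compile(
    r"zone (?P<zone>\S+)/(?P<cls>\w+): refresh: non-authoritative answer "
    r"from master (?P<master>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)

# Constructed sample log: timestamps, categories and the example.net and
# IP6.ARPA entries are made up; the first entry is wrapped as in the mail.
SAMPLE_LOG = """\
02-Oct-2016 17:01:12.345 general: info: zone in-addr.arpa/IN: refresh: non-authoritative answer from master
 192.5.5.241#53 (source 0.0.0.0#0)
02-Oct-2016 17:01:13.100 general: info: zone example.net/IN: loaded serial 2016100201
02-Oct-2016 17:16:40.002 general: info: zone in-addr.arpa/IN: refresh: non-authoritative answer from master 192.5.5.241#53 (source 0.0.0.0#0)
02-Oct-2016 17:16:41.007 general: info: zone IP6.ARPA/IN: refresh: non-authoritative answer from master 192.5.5.241#53 (source 0.0.0.0#0)
"""

def find_lame_masters(log_text):
    """Return {(zone, master_ip): count} of refreshes answered non-authoritatively."""
    # Mail clients and pagers wrap long log lines; rejoin them before matching.
    flat = re.sub(r"\s*\n\s*", " ", log_text)
    hits = Counter()
    for m in LAME_MASTER.finditer(flat):
        zone = m.group("zone").rstrip(".").lower()  # zone names are case-insensitive
        hits[(zone, m.group("master"))] += 1
    return dict(hits)

def report(hits):
    """One line per (zone, master) pair, sorted by zone name."""
    return [
        f"{zone}: {master} is not authoritative ({n} failed refreshes); "
        f"check the masters list of this slave zone in named.conf"
        for (zone, master), n in sorted(hits.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(find_lame_masters(SAMPLE_LOG))))
```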

