intermittent SERVFAIL for high visible domains such as *.google.com

Brian J. Murrell brian at interlinx.bc.ca
Tue Jan 23 17:12:46 UTC 2018


On Tue, 2018-01-23 at 09:53 -0700, Grant Taylor via bind-users wrote:
> 
> Could you try disabling DDNS updates for a little while?

That's effectively what I have done.

I set up a second server configuration running new zone on a different
IP address and pointed the DHCP server at it so that the DHCP server is
no longer sending DDNS updates to the server that is having these
intermittent outages.

I've set up CNAME pointers from the main server to the new server for
the names (of DHCP clients) that need to be resolvable as well as for a
reverse zone on the new server.

> Maybe you'll 
> get lucky (for a given value of luck) and find that the problem 
> continues happening even with DDNS updates disabled.  Thus you will
> have 
> a reasonable idea that the issue is not related to DDNS updates.

Exactly my goal.  I'm fairly sure that the problem is going to stop
happening now that the server is no longer processing DDNS updates.

Unfortunately it's impractical to run like this for the long term as
any DHCP client that comes into the network ought to be able to be
resolvable by it's name in the main zone, but that would require CNAMEs
for any and every possible name that could show up in a DHCP client.

Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180123/e3412003/attachment.bin>


More information about the bind-users mailing list