intermittent SERVFAIL for high visible domains such as *.google.com
Brian J. Murrell
brian at interlinx.bc.ca
Thu Jan 25 14:06:49 UTC 2018
On Wed, 2018-01-17 at 10:45 -0500, Brian J. Murrell wrote:
> I have a BIND (9.9.4)[1] server that runs well most of the time, but
> periodically it will start returning SERVFAIL for very high-level
> domains such as *.google.com, *.gstatic.com, *.github.com, etc. It
> seems to happen most frequently with Google domains, but I wonder if
> that is just a reflection on the percentage of queries I have for
> those
> here.
The culprit here is the DDNS processing. Once I moved the DDNS
processing (that is coming from the DHCP server) off onto a separate
server the problem server stopped having SERVFAIL for names that it
should just not happen for, like www.google.com.
So, now I just have to chase down why DDNS is causing this.
This BIND server is from the FreeIPA project so it's an LDAP-backed
BIND so perhaps (probably?) that has something to do with it. I will
take it up with the FreeIPA folks since it's their build of BIND that
is causing the problems.
Much much thanks for the help and patience here while I got to the root
cause.
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180125/920acd5c/attachment.bin>
More information about the bind-users
mailing list