intermittent SERVFAIL for high visible domains such as *

Brian J. Murrell brian at
Thu Jan 25 14:06:49 UTC 2018

On Wed, 2018-01-17 at 10:45 -0500, Brian J. Murrell wrote:
> I have a BIND (9.9.4)[1] server that runs well most of the time, but
> periodically it will start returning SERVFAIL for very high-level
> domains such as *, *, *, etc.  It
> seems to happen most frequently with Google domains, but I wonder if
> that is just a reflection on the percentage of queries I have for
> those
> here.

The culprit here is the DDNS processing.  Once I moved the DDNS
processing (that is coming from the DHCP server) off onto a separate
server the problem server stopped having SERVFAIL for names that it
should just not happen for, like

So, now I just have to chase down why DDNS is causing this.

This BIND server is from the FreeIPA project so it's an LDAP-backed
BIND so perhaps (probably?) that has something to do with it.  I will
take it up with the FreeIPA folks since it's their build of BIND that
is causing the problems.

Much much thanks for the help and patience here while I got to the root

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the bind-users mailing list