mysqlstudent at gmail.com
Tue Sep 11 18:56:58 UTC 2018
On Tue, Sep 11, 2018 at 2:47 PM John W. Blue <john.blue at rrcic.com> wrote:
> If you use wireshark to slice n dice the pcap .. "dns.flags.rcode == 2" shows all of your SERVFAIL happens on localhost.
> If you switch to "dns.qry.name == storage.pardot.com" every single query is localhost.
> Unless you have another NIC that you are sending traffic over this does not look like a bandwidth issue at this particular point in time.
Thanks so much. I think I also may have confused things by suggesting
it was related to bandwidth or utilization. I see it also happen now
more regularly too.
Can you ascertain why it is reporting these SERVFAILs?
The queries are on localhost because /etc/resolv.conf lists localhost
as the nameserver. Is that why we can't diagnose this? This most
recent packet trace was started with "-i any". Why would the ones on
localhost be the ones which are failing? I'm assuming postfix and/or
some other process is querying bind on localhost to cause these
More information about the bind-users