Massive increase of SERVFAIL after April 28th 2025.

vincent at cojot.name vincent at cojot.name
Thu May 1 15:55:37 UTC 2025 

Hi Rob,
Thank you for your message. Yes, I've already done all that. (got the 
latest root zone, restart named each time I switch from forwarders 
to non-forwarders, etc...).
I am using lip6.fr as an example because it hosts some mirrors for Fedora 
Linux but I am pretty sure it's not the only site.

On the other hand, I think you might be right.. on a RHEL9 host in Canada, 
even with the same configuration as here in EMEA, I don't reproduce the 
issue anymore:

# dig -t dnskey lip6.fr.

; <<>> DiG 9.16.23-RH <<>> -t dnskey lip6.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31209
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;lip6.fr.			IN	DNSKEY

;; AUTHORITY SECTION:
lip6.fr.		3600	IN	SOA	osiris.lip6.fr. hostmaster.lip6.fr. 2025042900 21600 3600 3600000 3600

;; Query time: 134 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Thu May 01 15:44:14 UTC 2025
;; MSG SIZE  rcvd: 90


,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._ coyote at NOSPAM4cojot.name

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost



On Thu, 1 May 2025, Rob McEwen wrote:

> In that case, someone smarter and more knowledgeable on this list will hopefully help you. But first - one last suggestion - if you find that forwards to 3rd party servers work
> - but turning those off causes issues - you should probably make sure that your "root hints" are updated, and purge any caching (rndc flush), then restart BIND. Maybe you've
> already done that? But if not, it's worth a try before digging deeper.
> 
> If that doesn't fix this, then hopefully someone else on this list can help you.
> 
> Rob McEwen, invaluement
> 
> 
> 
> ------ Original Message ------
> From vincent at cojot.name
> To "Rob McEwen" <rob at invaluement.com>
> Cc bind-users at lists.isc.org
> Date 5/1/2025 11:28:23 AM
> Subject Re: Massive increase of SERVFAIL after April 28th 2025.
>
>       Hi Rob,
>  
> Unfortunately, as soon as I remove the 'forwarders' in any of my named servers, the problem comes back. The output in my previous message was captured just a few minutes
> ago after I had disabled 'forwaders' in one of my bind servers.
>  
> Regards,
>  
> Vincent
>  
>  
> On Thu, 1 May 2025, Rob McEwen wrote:
>  
>       From vincent at cojot.name
> until a few days ago (April 28th?) when the amount of SERVFAIL started going ballistic and started preventing the resolution of a lot of DNS names on the internet to
> the point where DNS was unusable
>  
>  
> I strongly suspect that this was caused (even if indirectly?) by the MASSIVE and many-hours-long power outages in Europe, mainly in Spain and Portugal. That started
> on April 28,
> 2025, at approximately 6:33 a.m. Eastern Time (ET) - and the majority of it lasted almot 24 hours.
>  
> https://www.france24.com/en/europe/20250430-what-we-know-so-far-about-the-massive-blackout-that-hit-spain-and-portugal
>  
> Hopefully, you're not seeing any more of these errors now?
>  
> Rob McEwen, invaluement
>  
>  
>  
> 
> 
>

More information about the bind-users mailing list