<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 7/25/2011 10:22 AM, Sathyan Arjunan (sarjunan) [CONTRACTOR]
wrote:
<blockquote
cite="mid:556D96CC42F55246B3A154E757BE983C0C08E7EF@ntxboimbx21.micron.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal" style="">Recent days, I am facing
frequent caching issues with my DNS servers which are
responsible for recursive
lookup to external queries. As a temporary solution, we used
to refresh the
named daemon to clear the cache. To isolate this issue we
upgraded the BIND to
“<span style="font-size: 10pt; font-family:
"Arial","sans-serif"; color: blue;">BIND
9.7.3</span>” but even after the upgrade issue repeats. <span
style="font-size: 10pt; font-family:
"Arial","sans-serif"; color: blue;"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">If I
do a nslookup for “</span><strong><span style="font-size:
12pt; color: navy;">mail.sin.gpi-g.com</span></strong><span
style="color: rgb(31, 73, 125);">”, it fails. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 12pt;
color: navy;">nslookup
mail.sin.gpi-g.com</span></strong><b><span
style="font-size: 12pt; font-family: "Times New
Roman","serif"; color: navy;"><br>
</span></b><span style="color: rgb(31, 73, 125);">Server:
dnsserver<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Address:
x.x.x.x#53<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; font-family:
"Times New Roman","serif";"> <o:p></o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size: 12pt;
color: navy;">** server
can't find mail.sin.gpi-g.com: SERVFAIL</span></strong><span
style="color: rgb(31, 73, 125);"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">To
fix this I have to restart
the named daemon in caching DNS server. Once I restart, the
lookup resolves
well. However the issue appears again in few days. Any
thoughts?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">nslookup
mail.sin.gpi-g.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Server:
dnsserver<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Address:
x.x.x.x#53<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Non-authoritative
answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Name:
mail.sin.gpi-g.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Address:
203.175.163.180<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; color:
rgb(31, 73, 125);"><o:p> </o:p></span></p>
<br>
</div>
</blockquote>
nameserver2.gpi-g.com is persistently responding with SERVFAIL.for
anything at sin.gpi-g.com or beneath. Looks to me like a
misconfiguration of some sort.<br>
<br>
nameserver1.gpi-g.com is responding reasonably, *but* only gives
nameserver2.gpi-g.com in the Authority Section of its response. So
only that NS gets cached, and named will keep trying the "bad"
nameserver until you restart named, which will get it working
temporarily until the "bad" NS is cached again.<br>
<br>
There is nothing you can do to fix this in your instance(s) of BIND.
The domain owner has created a Single Point of Failure, and then
that node has failed. They need to fix the node failure, put more
diversity into their published NS records, or (preferably)
implement both options.<br>
<br>
- Kevin<br>
<br>
<br>
<br>
</body>
</html>