<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Dear list</p>
<p>I'm running several BIND caching resolvers based on Ubuntu's latest
BIND release, 9.18.30.<br>
The configuration is pretty simple. A few public IP prefixes are
allowed to use these servers as recursive resolvers.<br>
All other prefixes are not allowed to use them. The setup has been up for
several years and works more or less without problems.</p>
<p>Now I have a case I have no explanation for.<br>
It's about a glue record and expired cache behavior: <font
face="Ubuntu Mono">crane.smokva.net<br>
In some cases "dig @ns2.ggamaur.net crane.smokva.net" gives me a
SERVFAIL back. This happens when the TTL in the server's local cache
has expired. But this answer appears only once; a second dig gives
me the IP.</font></p>
<font face="Ubuntu Mono" size="2">#dig @ns2.ggamaur.net crane.smokva.net<br>
<br>
; &lt;&lt;&gt;&gt; DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @ns2.ggamaur.net crane.smokva.net<br>
; (1 server found)<br>
;; global options: +cmd<br>
;; Got answer:<br>
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 9174<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 1232<br>
; COOKIE: f81401b79354e29b010000006809fd983d7daeae1c6bfada (good)<br>
;; QUESTION SECTION:<br>
;crane.smokva.net. IN A<br>
<br>
;; ANSWER SECTION:<br>
crane.smokva.net. 26 IN A 85.10.196.166<br>
<br>
;; Query time: 1 msec<br>
;; SERVER: 213.160.40.34#53(ns2.ggamaur.net) (UDP)<br>
;; WHEN: Thu Apr 24 11:00:08 CEST 2025<br>
;; MSG SIZE rcvd: 89<br>
<br>
#dig @ns2.ggamaur.net crane.smokva.net<br>
</font>
<font face="Ubuntu Mono" size="2"><br>
; &lt;&lt;&gt;&gt; DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @ns2.ggamaur.net crane.smokva.net<br>
; (1 server found)<br>
;; global options: +cmd<br>
;; Got answer:<br>
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: SERVFAIL, id: 26109 &lt;---------------- Cache expired<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 1232<br>
; COOKIE: d2c192e8c153ff65010000006809fdc00ff4b74c1bc6a88a (good)<br>
;; QUESTION SECTION:<br>
;crane.smokva.net. IN A<br>
<br>
;; Query time: 1 msec<br>
;; SERVER: 213.160.40.34#53(ns2.ggamaur.net) (UDP)<br>
;; WHEN: Thu Apr 24 11:00:48 CEST 2025<br>
;; MSG SIZE rcvd: 73<br>
</font>
<p><font face="Ubuntu Mono" size="2">#dig @ns2.ggamaur.net crane.smokva.net<br>
<br>
; &lt;&lt;&gt;&gt; DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @ns2.ggamaur.net crane.smokva.net<br>
; (1 server found)<br>
;; global options: +cmd<br>
;; Got answer:<br>
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 23097<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 1232<br>
; COOKIE: 7573634154fc104a010000006809fdfe3b4159d1878e28be (good)<br>
;; QUESTION SECTION:<br>
;crane.smokva.net. IN A<br>
<br>
;; ANSWER SECTION:<br>
crane.smokva.net. 300 IN A 85.10.196.166<br>
<br>
;; Query time: 11 msec<br>
;; SERVER: 213.160.40.34#53(ns2.ggamaur.net) (UDP)<br>
;; WHEN: Thu Apr 24 11:01:50 CEST 2025<br>
;; MSG SIZE rcvd: 89</font></p>
<p>In detail, Wireshark shows me the following when a local cache
entry has expired.<br>
</p>
<p><font face="Ubuntu Mono">No. Time Source Destination Protocol Length Info<br>
# query to local bind server<br>
599 2025-04-24 08:34:32.084611 213.160.41.17 213.160.41.10 DNS 87 Standard query 0x5a68 A crane.smokva.net OPT<br>
# server sends query to rootserver<br>
600 2025-04-24 08:34:32.086197 2a02:5c0:1:11::10 2001:500:2d::d DNS 119 Standard query 0xf931 A crane.smokva.net OPT<br>
601 2025-04-24 08:34:32.086318 2a02:5c0:1:11::10 2001:500:2d::d DNS 119 Standard query 0x7c1b AAAA crane.smokva.net OPT<br>
# server sends server failure as an answer to client<br>
602 2025-04-24 08:34:32.086334 213.160.41.10 213.160.41.17 DNS 87 Standard query response 0x5a68 Server failure A crane.smokva.net OPT<br>
# answer from rootserver<br>
603 2025-04-24 08:34:32.087883 2001:500:2d::d 2a02:5c0:1:11::10 DNS 1235 Standard query response 0x7c1b AAAA crane.smokva.net NS a.gtld-servers.net NS<br>
604 2025-04-24 08:34:32.087883 2001:500:2d::d 2a02:5c0:1:11::10 DNS 1235 Standard query response 0xf931 A crane.smokva.net NS a.gtld-servers.net NS<br>
# server queries .net server<br>
605 2025-04-24 08:34:32.089329 2a02:5c0:1:11::10 2001:503:231d::2:30 DNS 119 Standard query 0x18a7 AAAA crane.smokva.net OPT<br>
606 2025-04-24 08:34:32.089399 2a02:5c0:1:11::10 2001:503:231d::2:30 DNS 119 Standard query 0x88f8 A crane.smokva.net OPT<br>
# answer from .net server<br>
607 2025-04-24 08:34:32.091282 2001:503:231d::2:30 2a02:5c0:1:11::10 DNS 494 Standard query response 0x88f8 A crane.smokva.net NS crane.smokva.net<br>
608 2025-04-24 08:34:32.091283 2001:503:231d::2:30 2a02:5c0:1:11::10 DNS 494 Standard query response 0x18a7 AAAA crane.smokva.net NS crane.smokva.net<br>
# server queries to crane.smokva.net<br>
609 2025-04-24 08:34:32.091815 213.160.41.10 85.10.196.166 DNS 99 Standard query 0x1bda A crane.smokva.net OPT<br>
610 2025-04-24 08:34:32.091882 213.160.41.10 85.10.196.166 DNS 99 Standard query 0xb973 AAAA crane.smokva.net OPT<br>
611 2025-04-24 08:34:32.101617 85.10.196.166 213.160.41.10 DNS 129 Standard query response 0xb973 AAAA crane.smokva.net SOA crane.smokva.net OPT<br>
612 2025-04-24 08:34:32.101617 85.10.196.166 213.160.41.10 DNS 117 Standard query response 0x1bda A crane.smokva.net A 85.10.196.166 NS crane.smokva.net OPT</font></p>
<p><font face="Ubuntu Mono">Can somebody explain to me why the server
in No. 602 sends back a server failure and still continues its
resolving process for crane.smokva.net?</font></p>
<font face="Ubuntu Mono">Flo</font><br>
<font face="Ubuntu Mono"><br>
</font><br>
<p><br>
</p>
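<p>Added example, not part of the original post: a small Python script that pairs the queries and responses in frames 599-612 by transaction ID and reports what the resolver had outstanding when it answered the client. The rows are transcribed from the capture above and split into fields; the names <code>usec</code> and <code>analyze</code> are made up for this illustration.</p>

```python
from datetime import datetime

CLIENT = "213.160.41.17"
# Frames 599-612 of the capture in the post, split into fields:
# (frame, time, source, destination, kind, transaction id, summary)
TRACE = [
    (599, "08:34:32.084611", "213.160.41.17", "213.160.41.10", "query", "0x5a68", "A"),
    (600, "08:34:32.086197", "2a02:5c0:1:11::10", "2001:500:2d::d", "query", "0xf931", "A"),
    (601, "08:34:32.086318", "2a02:5c0:1:11::10", "2001:500:2d::d", "query", "0x7c1b", "AAAA"),
    (602, "08:34:32.086334", "213.160.41.10", "213.160.41.17", "response", "0x5a68", "Server failure"),
    (603, "08:34:32.087883", "2001:500:2d::d", "2a02:5c0:1:11::10", "response", "0x7c1b", "NS"),
    (604, "08:34:32.087883", "2001:500:2d::d", "2a02:5c0:1:11::10", "response", "0xf931", "NS"),
    (605, "08:34:32.089329", "2a02:5c0:1:11::10", "2001:503:231d::2:30", "query", "0x18a7", "AAAA"),
    (606, "08:34:32.089399", "2a02:5c0:1:11::10", "2001:503:231d::2:30", "query", "0x88f8", "A"),
    (607, "08:34:32.091282", "2001:503:231d::2:30", "2a02:5c0:1:11::10", "response", "0x88f8", "NS"),
    (608, "08:34:32.091283", "2001:503:231d::2:30", "2a02:5c0:1:11::10", "response", "0x18a7", "NS"),
    (609, "08:34:32.091815", "213.160.41.10", "85.10.196.166", "query", "0x1bda", "A"),
    (610, "08:34:32.091882", "213.160.41.10", "85.10.196.166", "query", "0xb973", "AAAA"),
    (611, "08:34:32.101617", "85.10.196.166", "213.160.41.10", "response", "0xb973", "SOA"),
    (612, "08:34:32.101617", "85.10.196.166", "213.160.41.10", "response", "0x1bda", "A 85.10.196.166"),
]

def usec(value):
    """Time of day from the capture as integer microseconds."""
    t = datetime.strptime(value, "%H:%M:%S.%f")
    return (t.hour * 3600 + t.minute * 60 + t.second) * 1_000_000 + t.microsecond

def analyze(trace, client=CLIENT):
    """Pair queries/responses by transaction id; report state at the client reply."""
    pending, upstream, reply = {}, [], None
    for frame, when, src, dst, kind, txid, summary in trace:
        now = usec(when)
        if kind == "query":
            pending[(txid, src, dst)] = (frame, now)
            continue
        q_frame, q_time = pending.pop((txid, dst, src))  # a response reverses src/dst
        if dst == client:
            reply = {"frame": frame, "rcode": summary, "time": now,
                     "latency_us": now - q_time, "outstanding": len(pending)}
        else:
            upstream.append({"query": q_frame, "response": frame,
                             "time": now, "rtt_us": now - q_time})
    late = [u for u in upstream if u["time"] > reply["time"]]
    return {"reply": reply, "upstream_before_reply": len(upstream) - len(late),
            "upstream_after_reply": len(late),
            "resolved_us_after_reply": max(u["time"] for u in late) - reply["time"] if late else None}

print(analyze(TRACE))
```

<p>For this capture the script reports that the server failure in frame 602 left 1723 microseconds after the client query, with two root-server queries still outstanding and no upstream response received yet; the last upstream response arrives 15283 microseconds after that reply.</p>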
</body>
</html>