1. Zone has expired (to confirm: check logs)
2. Corrupted/truncated journal file (to confirm: check logs, or, shut
down gracefully, delete journal and start up again)
3. www.blah.com is a delegation in your slave copy of the zone, and the
delegated nameservers are all returning SERVFAIL, are lame, give bogus
answers, some combination of the above, etc. (to confirm: do the lookup
non-recursively, or a zone transfer of blah.com; if www.blah.com shows
as a delegation, query the delegated nameservers directly and see what
they return)
- Kevin
On 8/2/2010 10:17 AM, Atkins, Brian (GD/VA-NSOC) wrote:
I'm troubleshooting an issue with internal resolution of a domain. I
have 2 identical slave servers that resolve for domains that have been
delegated to our group. However, while one of the servers can
successfully provide the responses, the other cannot. I've checked with
the network gurus to verify there is not a possibility of a firewall or
IPS rule causing the issue, but came back empty-handed.
Here's the breakdown (please don't laugh at the antiques...):
Sun V210's running Solaris 5.8
BIND 9.5.1-P3
...
zone "blah.com" {
type slave;
file "/slave/db.blah.com";
masters { 10.xxx.xxx.xxx; };
allow-transfer { none; };
allow-query { "all-clients"; };
};
...
# Query local server (one with issues) fails
$ dig www.blah.com.
;<<>> DiG 9.5.1-P3<<>> www.blah.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1735
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
; www.blah.com. IN A
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 2 14:12:48 2010
;; MSG SIZE rcvd: 29
# Query master directly or twin server from problem server succeeds
$ dig @10.xxx.xxx.xxx www.blah.com.
;<<>> DiG 9.5.1-P3<<>> @10.xxx.xxx.xxx www.blah.com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 341
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
; www.blah.com. IN A
;; ANSWER SECTION:
www.blah.com. 300 IN A 10.xxx.xxx.xxx
;; Query time: 34 msec
;; SERVER: 10.xxx.xxx.xxx #53(10.xxx.xxx.xxx)
;; WHEN: Mon Aug 2 14:14:16 2010
;; MSG SIZE rcvd: 45
Any ideas to point me in the right direction?
Thanks,
Brian
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
