Karl Auer <ka...@biplane.com.au> wrote: > > Using our local caching, recursive BIND9 nameservers, we get SERVFAIL on > a particular domain, namely "mailergoat.rsi.co.jp". But from other > places, we get NOERROR (which is the correct answer, because there is a > A record with that name). However, from some places outside our network > we also get SERVFAIL.
The name servers for the zone mailergoat.rsi.co.jp are broken. They return a nodata response with the wrong authority for all non-A non-TXT queries. The SOA record owner name in the additional section of the reply should be mailergoat.rsi.co.jp not rsi.co.jp. BIND requires that the SOA owner name in a nodata response matches the zone name that BIND is expecting. This is part of the logic it uses to tell the difference between various kinds of negative responses (as in RFC 2308). Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5 or 6 later. Rough or very rough. Occasional rain. Moderate or good, occasionally poor. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users