> Our recursive resolver periodically returns SERVFAIL for lookups for > hhs.gov records, which are served by these nameservers: > > rh202ns1.355.dhhs.gov. 168 IN A 158.74.30.98 > rh202ns1.355.dhhs.gov. 14260 IN AAAA 2607:f220:0:1::2a > rh202ns2.355.dhhs.gov. 168 IN A 158.74.30.99 > rh202ns2.355.dhhs.gov. 14260 IN AAAA 2607:f220:0:1::2b > rh120ns2.368.dhhs.gov. 81 IN A 158.74.30.103 > rh120ns2.368.dhhs.gov. 81 IN AAAA 2607:f220:0:1::2d > rh120ns1.368.dhhs.gov. 168 IN A 158.74.30.102 > rh120ns1.368.dhhs.gov. 14260 IN AAAA 2607:f220:0:1::2c
I don’t know the cause, but checking these nameserver authoritative and glue records, I see ttl 300 for the authoritative records and ttl 86400 for the gov glue records. The caching ttls above suggest the AAAA records are cached glue and the A records are cached authoritative. Just an observation. But that seems like something bind would deal with every day, even with both A and AAAA records for the same NS name. One clear thing about the above query is that renewals from the authoritative the nameservers don’t happen to be in synch. John Wobus Cornell University IT _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users