On Wed, 2018-01-17 at 10:45 -0500, Brian J. Murrell wrote: > I have a BIND (9.9.4)[1] server that runs well most of the time, but > periodically it will start returning SERVFAIL for very high-level > domains such as *.google.com, *.gstatic.com, *.github.com, etc. It > seems to happen most frequently with Google domains, but I wonder if > that is just a reflection on the percentage of queries I have for > those > here.
The culprit here is the DDNS processing. Once I moved the DDNS processing (that is coming from the DHCP server) off onto a separate server the problem server stopped having SERVFAIL for names that it should just not happen for, like www.google.com. So, now I just have to chase down why DDNS is causing this. This BIND server is from the FreeIPA project so it's an LDAP-backed BIND so perhaps (probably?) that has something to do with it. I will take it up with the FreeIPA folks since it's their build of BIND that is causing the problems. Much much thanks for the help and patience here while I got to the root cause. Cheers, b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users