Hi,

I found this kind of query-errors
  
referral:1,restart:1,qrysent:0,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0
-----8<-----8<-----8<-----
Sep 24 20:22:23 cow named[8034]: queries: info: client @0x7fb13f0168 
192.168.38.49#50058 (shavar.services.mozilla.com): query: 
shavar.services.mozilla.com IN A + (192.168.38.1)
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
shavar.services.mozilla.com/A
Sep 24 20:22:23 cow named[8034]: queries: info: client @0x7fb65ec168 
192.168.38.49#62908 (content-signature-2.cdn.mozilla.net): query: 
content-signature-2.cdn.mozilla.net IN A + (192.168.38.1)
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
content-signature-2.cdn.mozilla.net/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: mozilla.net/NS
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
shavar.prod.mozaws.net/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: cdn.mozilla.net/NS
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: mozilla.net/DS
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
content-signature-chains.prod.autograph.services.mozaws.net/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
services.mozaws.net/NS
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
autograph.services.mozaws.net/NS
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-283.awsdns-35.com/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-283.awsdns-35.com/AAAA
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-631.awsdns-14.net/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-631.awsdns-14.net/AAAA
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-1136.awsdns-14.org/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-1136.awsdns-14.org/AAAA
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-1973.awsdns-54.co.uk/A
Sep 24 20:22:23 cow named[8034]: resolver: debug 1: fetch: 
ns-1973.awsdns-54.co.uk/AAAA
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-495.awsdns-61.com/A
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-495.awsdns-61.com/AAAA
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-806.awsdns-36.net/A
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-806.awsdns-36.net/AAAA
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-1483.awsdns-57.org/A
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-1483.awsdns-57.org/AAAA
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-1689.awsdns-19.co.uk/A
Sep 24 20:22:24 cow named[8034]: resolver: debug 1: fetch: 
ns-1689.awsdns-19.co.uk/AAAA
Sep 24 20:22:24 cow named[8034]: query-errors: info: client @0x7fb65ec168 
192.168.38.49#62908 (content-signature-2.cdn.mozilla.net): query failed 
(SERVFAIL) for content-signature-2.cdn.mozilla.net/IN/A at query.c:7837
Sep 24 20:22:24 cow named[8034]: query-errors: debug 2: fetch completed at 
resolver.c:4144 for 
content-signature-chains.prod.autograph.services.mozaws.net/A in 0.551997: 
SERVFAIL/success 
[domain:prod.autograph.services.mozaws.net,referral:1,restart:1,qrysent:0,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
-----8<-----8<-----8<-----

According to the document[1], resolver had 1 referral received and 1 cycle the 
resolver tried and at least sent one query. But I don't understand why the 
qrysent is 0 ?

This kind of query-errors would happen on other domains.

My environment is a Raspberry Pi 4 with old Debian 10 linux. I downloaded the 
bind 9.18.30 source[2] and build by myself.
-----8<-----8<-----8<-----
$ /usr/local/sbin/named -V
BIND 9.18.30 (Extended Support Version) <id:cdc8d69>
running on Linux aarch64 5.10.103-v8+ #1529 SMP PREEMPT Tue Mar 8 12:26:46 GMT 
2022
built by make with  '--with-json-c' '--enable-dnstap' '--with-libxml2' 
'--without-lmdb' '--with-tuning=small' '--with-libidn2' '--sysconfdir=/etc/bind'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022
linked to OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022
compiled with libuv version: 1.24.1
linked to libuv version: 1.24.1
compiled with libnghttp2 version: 1.36.0
linked to libnghttp2 version: 1.36.0
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 
ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 
HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: /usr/local/var/run/named/session.key
  named PID file:       /usr/local/var/run/named/named.pid
  named lock file:      /usr/local/var/run/named/named.lock
-----8<-----8<-----8<-----

I download and build the new version of the bind is because the debian one is 
old and had many query errors for years. I thought the newer bind could solve 
the query errors. But it seems not solve the problems. I'll continue to find 
the problems in my environment.

By the way, there is a typo on the document[1] that the log example is "for 
www.example.com/A" but the below text said "recursive resolution for AAAA record of 
www.example.com".

[1] https://downloads.isc.org/isc/bind9/9.18.30/doc/arm/Bv9ARM.pdf Chapter 8, 
page 108.
[2] https://downloads.isc.org/isc/bind9/9.18.30/bind-9.18.30.tar.xz

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to