On Thu, Mar 06, 2014 at 11:00:28AM +0200, Yannis Nikolopoulos wrote: > we've encountered a weird problem on our dual-stack (anycast) resolvers > and I'm wondering if anyone else has experienced anything similar. > Basically, we're getting many SERVFAIL responses for domains not in > cache. The weird part: if the domain does not exist in the cache, a > SERVFAIL response is produced (not all of the times) without the > resolver querying the auth NS (no outgoing communication is attempted).
If you really thing this might be a kernel issue, please record the number of failed syscalls during the time this problem exists: perf script failed-syscalls-by-pid -p or strace -c. Further please record network packets drop in the stack via perf script net_dropmonitor. This might give a hint. Thanks, Hannes
