Little confusion about BIND/AD [DNS] Setup

2018-07-25 Thread Blason R
Hi there,

I have a little confusion about BIND and Windows AD/DNS setup and would
appreciate it if someone can shed some light on my query.

Well, I have BIND/RPZ setup in my environment and I have AD/DNS server,
users are configured to talk to Windows DNS server and it has forwarder set
to my BIND/RPZ.

Now the issue I faced on my BIND/RPZ is: I had the forwarder set as 9.9.9.9,
which was flagging one of the sites wrongly while 8.8.8.8 is resolving that
perfectly. Hence users accessing the site via AD/DNS -> RPZ -> 9.9.9.9
were initially consistently getting an error. Later I decided to change the
forwarder in my BIND and added 8.8.8.8. I restarted the service, which must
have cleared the cache, but users who were using AD/DNS were still getting
the wrong pages. I guess that was being served from the DNS cache since it was
showing a TTL value of almost 24 hrs.

Hence wondering if TTL value from my BIND/RPZ can be lowered? Will that
really make any difference? And which DNS server is responsible for giving
the TTL value to users? How can I eventually set the lower TTL value in my
environment so that records from end users may get flushed faster?

Windows, BIND RPZ or NS of end portal which is being accessed?

Thanks and Regards,
Lionel F
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Patrik
Is it possible that I have 2 routers on 1 server and 2 views? Should I just
use 1 connection to the same server?
I connect to internet connection 1 for me downloading etc, and 1 for the
input for web, email, etc...
But I connected 2. The big problem is that I cannot turn off the server 2nd
view, I need exactly the 2 views and I still get a SERVFAIL, but after I do
it again, it will work, or on my workstation I have to refresh the browser
like many times.
Plus by now it cached my ip address, this is what is weird, that the first
time it is like that SERVFAIL and I have no idea what it is doing.
*Eg , the log:*
25-Jul-2018 09:18:27.737 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv4.nop.hu/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:27.738 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv4.nop.hu/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.401 client @0x7faa8c062b10 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:8402
25-Jul-2018 09:18:28.401 client @0x7faac0184500 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.402 client @0x7faa8c034d00 2001:470:1f1b:5b3::b4a#41540 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:6885


*So as you told me to do it as:*

patrikx3@workstation:/media/linux-nvme/home/patrikx3$ dig @192.168.81.20 com soa

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.81.20 com soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43117
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2f5d97d5314b65c4037161895b584e70ccafb7ee026ea3d0 (good)
;; QUESTION SECTION:
;com. IN SOA

;; ANSWER SECTION:
com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1532513892 1800 900 604800 86400

;; AUTHORITY SECTION:
. 10083 IN NS f.root-servers.net.
. 10083 IN NS k.root-servers.net.
. 10083 IN NS e.root-servers.net.
. 10083 IN NS m.root-servers.net.
. 10083 IN NS a.root-servers.net.
. 10083 IN NS j.root-servers.net.
. 10083 IN NS i.root-servers.net.
. 10083 IN NS g.root-servers.net.
. 10083 IN NS d.root-servers.net.
. 10083 IN NS c.root-servers.net.
. 10083 IN NS h.root-servers.net.
. 10083 IN NS l.root-servers.net.
. 10083 IN NS b.root-servers.net.

;; Query time: 34 msec
;; SERVER: 192.168.81.20#53(192.168.81.20)
;; WHEN: Wed Jul 25 12:18:24 CEST 2018
;; MSG SIZE  rcvd: 341

patrikx3@workstation:/media/linux-nvme/home/patrikx3$ dig @192.168.81.20 production.cloudflare.docker.com +trace

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.81.20 production.cloudflare.docker.com +trace
; (1 server found)
;; global options: +cmd
;; Received 56 bytes from 192.168.81.20#53(192.168.81.20) in 0 ms

patrikx3@workstation:/media/linux-nvme/home/patrikx3$
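
A triage helper for `query failed (SERVFAIL)` lines in the layout quoted in the message above, added here as an example and not part of any poster's message or of BIND itself. It groups failures by view, name and type and by client address family; the sample lines, names and addresses are constructed, and treating lines with the same client address, port, name and view as one query is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Layout of named's "query failed" lines as quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client @0x[0-9a-f]+ (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): view (?P<view>\S+): query failed \((?P<rcode>\w+)\) "
    r"for (?P<name>[^/\s]+)/(?P<qclass>\w+)/(?P<qtype>\w*) at (?P<src>\S+)$"
)

# Constructed sample (documentation addresses and names, not taken from the thread).
SAMPLE_LOG = """\
25-Jul-2018 09:18:27.737 client @0x7f0000000010 192.0.2.30#55939 (v4only.example.com): view internal-a: query failed (SERVFAIL) for v4only.example.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:27.738 client @0x7f0000000010 192.0.2.30#55939 (v4only.example.com): view internal-a: query failed (SERVFAIL) for v4only.example.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.401 client @0x7f0000000020 192.0.2.30#50670 (v6only.example.com): view internal-a: query failed (SERVFAIL) for v6only.example.com/IN/A at ../../../bin/named/query.c:8402
25-Jul-2018 09:18:28.401 client @0x7f0000000030 192.0.2.30#50670 (v6only.example.com): view internal-a: query failed (SERVFAIL) for v6only.example.com/IN/A at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.402 client @0x7f0000000040 2001:db8::b4a#41540 (v6only.example.com): view internal-a: query failed (SERVFAIL) for v6only.example.com/IN/A at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.500 client @0x7f0000000050 198.51.100.30#41771 (v4only.example.com): view internal-b: query failed (SERVFAIL) for v4only.example.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:29.000 some unrelated log line that the parser must skip
"""


def parse(log_text):
    """Return one dict per 'query failed' line; any other line is skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        try:
            ev["family"] = "IPv%d" % ip_address(ev["addr"]).version
        except ValueError:
            continue  # client field is not a valid address
        ev["qtype"] = ev["qtype"] or "?"  # type can be blank in pasted logs
        events.append(ev)
    return events


def summarize(events):
    """Count distinct failing client queries per (view, qname, qtype) and per family."""
    seen, by_key, by_family = set(), Counter(), Counter()
    for ev in events:
        # The same client query can appear on more than one line; count it once.
        ident = (ev["addr"], ev["port"], ev["qname"], ev["view"])
        if ident in seen:
            continue
        seen.add(ident)
        by_key[(ev["view"], ev["qname"], ev["qtype"])] += 1
        by_family[ev["family"]] += 1
    return by_key, by_family


if __name__ == "__main__":
    keys, families = summarize(parse(SAMPLE_LOG))
    for (view, qname, qtype), n in keys.most_common():
        print(f"{n:3d}  {view:12s} {qname} {qtype}")
    print(dict(families))
```

A name that fails in every view and for both address families points at the resolver's upstream path rather than at one view's zone or ACL configuration.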
​


Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Dns Admin

Hi Patrik,

192.168.81.20 appears to be matched to the internal-enp1s0f3 view.
This view might not be able to resolve these external dns entries correctly

what do you get when you try

dig @192.168.81.20 com soa

and

dig @192.168.81.20 production.cloudflare.docker.com +trace

Kind Regards Peter



On 25/07/2018 12:08, Patrik wrote:

Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump 
this domain?

Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
     notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

//    include "/var/lib/samba/private/named.conf";

};


view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes

    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";
//    };
};




Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Patrik
Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump this
domain?
Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
match-clients { "internal-enp1s0f3"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f3"; };

notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };
include "/etc/bind/named.conf.default-zones";

zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f3/patrikx3.com";
include "/var/lib/samba/private/named.conf.update";
};

zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f3/corifeus.com";
};

include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
match-clients { "internal-enp1s0f2"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f2"; };
 notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };

include "/etc/bind/named.conf.default-zones";

zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//include "/var/lib/samba/private/named.conf.update";
};

zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f2/corifeus.com";
};

//include "/var/lib/samba/private/named.conf";

};


view "external" {
match-clients { any; };

recursion no;
additional-from-auth no;
additional-from-cache no;

//allow-transfer { any; }; // temporarily allowed for debugging purposes
allow-transfer { none; };

//zone "namesystem.tk" IN {
//type master;
//file "/etc/bind/zones/external.namesystem.tk";
//};
};



Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Patrik
root@server:~# dig aax-eu.amazon-adsystem.com  @ns-911.amazon.com +dnssec +norec

; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com  @ns-911.amazon.com +dnssec +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49254
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com. IN 

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 60 IN SOA ns-947.amazon.com. root.amazon.com. 1532498716 3600 900 7776000 60

;; Query time: 173 msec
;; SERVER: 52.9.140.222#53(52.9.140.222)
;; WHEN: Wed Jul 25 08:18:23 CEST 2018
;; MSG SIZE  rcvd: 99

root@server:~#

It looks OKAY, but as I sent a previous 2nd e-mail it fails and the log
shows. Very weird.

*Patrik*
WWW | GitHub | NPM | Corifeus | +36 20 342 8046

On Wed, Jul 25, 2018 at 8:18 AM Mark Andrews wrote:

> So what do you get to this command when run on the recursive server?
>
> dig aax-eu.amazon-adsystem.com  @ns-911.amazon.com +dnssec
> +norec
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>
>


Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Mark Andrews
So what do you get to this command when run on the recursive server?

dig aax-eu.amazon-adsystem.com  @ns-911.amazon.com +dnssec +norec

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org



Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Patrik
Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump this
domain?
Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
match-clients { "internal-enp1s0f3"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f3"; };

notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };
include "/etc/bind/named.conf.default-zones";

zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f3/patrikx3.com";
include "/var/lib/samba/private/named.conf.update";
};

zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f3/corifeus.com";
};

include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
match-clients { "internal-enp1s0f2"; };
match-recursive-only yes;
recursion yes;
allow-recursion { "internal-enp1s0f2"; };
 notify yes;
allow-update { none; };
allow-query { any; };
allow-transfer { xfer; };

include "/etc/bind/named.conf.default-zones";

zone "patrikx3.com" {
type master;
file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//include "/var/lib/samba/private/named.conf.update";
};

zone "corifeus.com" {
type master;
file "/etc/bind/zones/enp1s0f2/corifeus.com";
};

//include "/var/lib/samba/private/named.conf";

};


view "external" {
match-clients { any; };

recursion no;
additional-from-auth no;
additional-from-cache no;

//allow-transfer { any; }; // temporarily allowed for debugging purposes
allow-transfer { none; };

//zone "namesystem.tk" IN {
//type master;
//file "/etc/bind/zones/external.namesystem.tk";
//};
};


*Patrik*
WWW | GitHub | NPM | Corifeus | +36 20 342 8046

On Wed, Jul 25, 2018 at 8:05 AM Dns Admin wrote:

> Hi Patrik,
>
> I don't see any SERVFAIL querying for this  record.  maybe your
> "internal-enp1s0f3" view is configured to bump this domain?
>
> Kind Regards Peter
>
> dig aax-eu.amazon-adsystem.com 
>
> ; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com 
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;aax-eu.amazon-adsystem.com.    IN
>
> ;; AUTHORITY SECTION:
> aax-eu.amazon-adsystem.com. 60  IN  SOA ns-924.amazon.com.
> root.amazon.com. 1532498091 3600 900 7776000 60
>
> ;; Query time: 67 msec
> ;; SERVER: 205.166.94.20#53(205.166.94.20)
> ;; WHEN: Wed Jul 25 05:59:58 UTC 2018
> ;; MSG SIZE  rcvd: 110
>
>
> On 25/07/2018 07:52, Patrik wrote:
>
> Hello!
>
> How are you?
> I started having a problem with BIND9. Something must have changed,
> because I start getting SERVFAIL a lot.
> Looks like this:
> 25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (
> aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed
> (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at
> ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (
> aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed
> (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at
> ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0
> 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view
> internal-enp1s0f3: query failed (SERVFAIL) for
> aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (
> aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed
> (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at
> ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0
> 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view
> internal-enp1s0f3: query failed (SERVFAIL) for
> aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2340836e0
> 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view
> internal-enp1s0f2: query failed (SERVFAIL) for
> aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
> 25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0
> 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view
> internal-enp1s0f2: query failed (SERVFAIL) for
> aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
>
> To me, it looks like, the requests try the  ipv6 addresses but they
> are not in IPv6 and because of that it gives a SERVFAIL.
> Is there a way to give a priority to the BIND9 request before the IPv6 and
> first try the IPv4 and if there is 

Re: SERVFAIL on IPv6 tunnelbroker network

2018-07-25 Thread Dns Admin

Hi Patrik,

I don't see any SERVFAIL querying for this  record.  maybe your
"internal-enp1s0f3" view is configured to bump this domain?


Kind Regards Peter

dig aax-eu.amazon-adsystem.com 

; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com.    IN  

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 60  IN  SOA ns-924.amazon.com. root.amazon.com. 1532498091 3600 900 7776000 60


;; Query time: 67 msec
;; SERVER: 205.166.94.20#53(205.166.94.20)
;; WHEN: Wed Jul 25 05:59:58 UTC 2018
;; MSG SIZE  rcvd: 110


On 25/07/2018 07:52, Patrik wrote:

Hello!

How are you?
I started having a problem with BIND9. Something must have changed, 
because I start getting SERVFAIL a lot.

Looks like this:
25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/ at ../../../bin/named/query.c:6885


To me, it looks like, the requests try the  ipv6 addresses but 
they are not in IPv6 and because of that it gives a SERVFAIL.
Is there a way to give a priority to the BIND9 request before the IPv6 
and first try the IPv4 and if there is no IPv4 result, then try IPv6. 
Because now, it gives a few SERVFAIL (I have to refresh the browser, 
to make it work to get), I guess, get the IPv4 if only works after a 
few refreshes.

Even, if I do a dig on it it shows, there is no :
root@server:/etc/nginx/sites-enabled# dig aax-eu.amazon-adsystem.com

; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45e832118506bb5a0758eeb5b580e51c9b57c8a8d971011 (good)
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com. IN A

;; ANSWER SECTION:
aax-eu.amazon-adsystem.com. 60 IN A 52.94.216.48

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 860 IN NS ns-921.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-911.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-932.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-931.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-912.amazon.com.
aax-eu.amazon-adsystem.com