I am seeing occasional SERVFAILs when I flush the BIND cache and then run test
queries with dig.
Can someone let me know how BIND picks the authoritative server to query?

From what I know, BIND picks an authoritative server by assigning a random RTT
to the authoritative servers and then querying the one with the smallest RTT.
If BIND picks an ipv6 authoritative server and can't reach it due to iptables,
network routing, etc., will it try the next authoritative server, which may be
an ipv4 authoritative server?


The particular record that I have problems with is s.afl.com.au, which has two
auths (dns1.cscdns.net. and dns2.cscdns.net). Both of these auths have ipv4 and
ipv6 addresses. This is how to run my tests:

    for i in {1..10}; do rndc flush; dig @localhost s.afl.com.au; sleep 3; done | grep -i status

I wonder whether the SERVFAILs I see are due to BIND picking the ipv6 auth,
which is not reachable and causes SERVFAILs.

After I updated BIND (9.11.2) to only do ipv4, my test queries went fine 
without issues.
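
An added diagnostic sketch (not part of the original post) for testing the hypothesis above: it queries every A and AAAA address of the two auths directly from the resolver host and reports which ones answer. The function names classify_reply and probe_all and the --probe switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: probe each address of each authoritative server directly,
# bypassing the local BIND cache, to see whether the ipv6 addresses respond.
QNAME="s.afl.com.au"                       # record from the post
AUTHS="dns1.cscdns.net dns2.cscdns.net"    # auths named in the post

# classify_reply: read dig output on stdin and reduce it to one word,
# either "unreachable", the DNS status (NOERROR, SERVFAIL, ...) or "unknown".
classify_reply() {
  awk '
    /connection timed out|no servers could be reached|network unreachable/ {
      r = "unreachable"
    }
    /status: / {
      if (r == "") { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); r = s }
    }
    END { print (r == "" ? "unknown" : r) }'
}

# probe_all: look up the A and AAAA addresses of each auth, then send one
# non-recursive query to each address with a short timeout and no retries.
probe_all() {
  for ns in $AUTHS; do
    for rrtype in A AAAA; do
      for addr in $(dig +short "$ns" "$rrtype"); do
        result=$(dig +norecurse +tries=1 +time=2 "@$addr" "$QNAME" 2>&1 \
                 | classify_reply)
        printf '%-18s %-5s %-40s %s\n' "$ns" "$rrtype" "$addr" "$result"
      done
    done
  done
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--probe" ]; then
  probe_all
fi
```

Run it with --probe on the host where named runs, so the queries follow the same iptables rules and routes as the resolver; AAAA rows reported as unreachable alongside A rows reported as NOERROR are consistent with the ipv6 path being blocked.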
