Re: SERVFAIL in BIND when resolving certain domains (.gov.co)

Am 01.11.2024 um 22:37:30 Uhr schrieb Marco Moock: > Both servers are reachable, via IPv6 using ICMP echo req, but the DNS > server isn't listening on UDP nor TCP. I have to catch that up: I don't receive any answer when querying UDP or TCP, also on other ports. Maybe it is also a firewall that s

Re: SERVFAIL in BIND when resolving certain domains (.gov.co)

Am 01.11.2024 um 16:30:55 Uhr schrieb Cesar Augusto Camacho Sierra: > Could this issue be related to some additional configuration in BIND > or is it possible that it is a bug in the cundinamarca.gov.co > delegation chain? I appreciate any guidance or suggestions for > additional testing. Proble

RE: SERVFAIL error during the evening

nd-users-requ...@lists.isc.org You can reach the person managing the list at bind-users-ow...@lists.isc.org When replying, please edit your Subject line so it is more specific than "Re: Contents of bind-users digest..." Today's Topics: 1. Re: rolling my own hints file

Re: SERVFAIL error during the evening

> I have configured qname to disabled for now. Once the issue is resolved, > I will set it to relaxed. I have provided a download link for the log > files and a dig +trace test for more details on this issue, which I do > not think is related to BIND or its configuration. Sami, Discussions of non

Re: SERVFAIL error during the evening

-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific than > "Re: Contents of bind-users digest..." > > > Today's Topics: > >

RE: SERVFAIL error during the evening

Message: 1 Date: Tue, 25 Jun 2024 06:34:42 + (UTC) From: Michael Batchelder To: bind-users Cc: sami rahal Subject: Re: SERVFAIL error during the evening Message-ID: <646819319.2383375.1719297282567.javamail.zim...@isc.org> Content-Type: text/plain; charse

Re: SERVFAIL error during the evening

>> Hello Michael >> Thank you for your response. Here is a pcap file and some logs. > > Hello Sami, > > Your pcap shows your resolver making thousands of queries that get > no responses (or at least the pcap does not contain them). There's > not much I can say, beyond that this does not appear to

Re: SERVFAIL error during the evening

> Hello Michael > Thank you for your response. Here is a pcap file and some logs. Hello Sami, Your pcap shows your resolver making thousands of queries that get no responses (or at least the pcap does not contain them). There's not much I can say, beyond that this does not appear to be a proble

RE: SERVFAIL error during the evening

Hello Okay, thank you Andrews BR -Message d'origine- De : Mark Andrews Envoyé : vendredi 14 juin 2024 00:33 À : RAHAL Sami SOFRECOM Cc : ML BIND Users Objet : Re: SERVFAIL error during the ev

Re: SERVFAIL error during the evening

Before you do anything else change your rndc shared key as you published it. > On 14 Jun 2024, at 01:00, sami.ra...@sofrecom.com wrote: > > Hello community, > We are experiencing a resolution problem: 'SERVFAIL error'. Our environment > is BIND 9.16.48, OS: Redhat8. I am sharing with you a part

Re: SERVFAIL IPv6 debugging

Hi Bruce. There's potentially a bunch of things to note here. DNS conversations are independent of each other. The dig to your own server (dig -6 ec.europa.eu) may be over v4 or v6. But the subsequent queries that server makes (if any) may be over v4, or v6, or both. It depends how your server is c

Re: SERVFAIL IPv6 debugging

Hi Bruce, Kindly Check the actual root cause for this "SERVFAIL" error from the following log messages of your system. /var/log/messages With Regards. K.Sanjai Gandhi. - Original Message - From: "Bruce Duncan" To: bind-users@lists.isc.org Sent: Wednesday, January 18, 2023 6:01:32 PM S

Re: Servfail on Bind -9.16.1

Hello, Thank you. 1. DS record for com #dig DS com +dnssec ; <<>> DiG 9.16.1-Ubuntu <<>> DS com +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14029 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ;

Re: Servfail on Bind -9.16.1

> On 23 Nov 2020, at 13:37, upen wrote: > > Hi Mark and everyone, > > Thank you for continuing to help me. > I have set DNS validation to auto from no and restarted the bind9 service. > > # egrep dnssec-validation /etc/bind/named.conf.options > dnssec-validation auto; > > #dig +dnss

Re: Servfail on Bind -9.16.1

Hi Mark and everyone, Thank you for continuing to help me. I have set DNS validation to auto from no and restarted the bind9 service. # egrep dnssec-validation /etc/bind/named.conf.options dnssec-validation auto; #dig +dnssec +cd dnskey . ; <<>> DiG 9.16.1-Ubuntu <<>> +dnssec +cd dnskey

Re: Servfail on Bind -9.16.1

Ok. Lets start by debugging this from the trust anchor downwards. Lets see what "dig +dnssec +cd dnskey .” returns. It should return something like below with 2 DNSKEY records and a RRSIG for the DNSKEY. The RRSIG is regenerated daily so it will likely differ. The DNSKEY records should be a exac

Re: Servfail on Bind -9.16.1

ould be wrong somewhere on my end /network > . > > >> From: bind-users on behalf of julien > >> soula > >> Sent: Sunday, November 22, 2020 9:31:56 AM > >> To: upen > >> Cc: bind-users@lists.isc.org ; BIND Users < > >> bind-us...@

Re: Servfail on Bind -9.16.1

soula Sent: Sunday, November 22, 2020 9:31:56 AM To: upen Cc: bind-users@lists.isc.org ; BIND Users < bind-us...@isc.org> Subject: Re: Servfail on Bind -9.16.1 On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote: > .../... > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a

Re: Servfail on Bind -9.16.1

To: upen > Cc: bind-users@lists.isc.org ; BIND Users < > bind-us...@isc.org> > Subject: Re: Servfail on Bind -9.16.1 > > On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote: > > .../... > > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 > 127.

Re: Servfail on Bind -9.16.1

Also, just for testing. Similar happened to me. Try with ‘dnssec-validation no;’ From: bind-users on behalf of julien soula Sent: Sunday, November 22, 2020 9:31:56 AM To: upen Cc: bind-users@lists.isc.org ; BIND Users Subject: Re: Servfail on Bind -9.16.1 On

Re: Servfail on Bind -9.16.1

On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote: > .../... > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 > (www.facebook.com): query failed (broken trust chain) for > www.facebook.com/IN/A at query.c:6883 > dnssec.log:21-Nov-2020 15:11:18.008 validating www.face

Re: Servfail on Bind -9.16.1

On Sat, Nov 21, 2020 at 3:45 PM Fred Morris wrote: > Check your clock. Have you got NTP turned on? Is it working? If it's not, > flush cache/restart before you test again. > > Thank you Fred, Checked the time service , It's synced unless I am missing something. timedatectl timesync-status

Re: Servfail on Bind -9.16.1

Check your clock. Have you got NTP turned on? Is it working? If it's not, flush cache/restart before you test again. -- Fred Morris ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the devel

Re: Servfail on Bind -9.16.1

>packet capture (at a later point) https://dpaste.com/6FYQ4986D ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at h

Re: Servfail on Bind -9.16.1

Hello Ananad, and all, >www.facebook.com $ dig @127.0.0.1 -t A www.facebook.com ; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -t A www.facebook.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38917 ;; flags: qr rd ra; QUERY: 1, ANSWER:

Re: Servfail on Bind -9.16.1

On 21/11/2020 21:53, upen wrote: Hi Upen, > Could you someone guide me to troubleshoot this further? Thank you for the > list. Your instance of BIND is probably logging to syslog. Look for these logs (usually /var/log/messages), and see what BIND is logging. It may shed a light on the problem.

Re: Servfail on Bind -9.16.1

are not FQDN ... maybe www.facebook.com not only facebook.com only facebook.com could be referenced with an A record but maybe not www.facebook.com is a right query From: bind-users on behalf of upen Sent: Sa

Re: SERVFAIL when looking up TXT from particular domain

Hi Mark, >Given the message says "ran out of space” it indicates that a fixed buffer was >too small.  The lookup also works with current versions of BIND so I would >say the solution is to stop running EoL’d software and upgrade. I have upgraded to 9.14.3 and that has solved the issue. >There is

Re: SERVFAIL when looking up TXT from particular domain

Given the message says "ran out of space” it indicates that a fixed buffer was too small. The lookup also works with current versions of BIND so I would say the solution is to stop running EoL’d software and upgrade. There is also a ridiculous number of DNSKEYs and signatures. I suspect that the

RE: SERVFAIL when looking up TXT from particular domain

s-boun...@lists.isc.org] On Behalf Of > Carl Byington via bind-users > Sent: Thursday, 27 June 2019 11:17 AM > To: bind-users@lists.isc.org > Subject: Re: SERVFAIL when looking up TXT from particular domain > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Wed, 2019-06-2

Re: SERVFAIL when looking up TXT from particular domain

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2019-06-26 at 13:16 +, Dennis via bind-users wrote: > dig TXT cleanmail4.capgeminioutsourcing.nl @localhost dig TXT cleanmail4.capgeminioutsourcing.nl +nodnssec @ns1.capgeminioutsourcing.nl. ;; MSG SIZE rcvd: 124 dig TXT cleanmail4.c

Re: SERVFAIL when looking up TXT from particular domain

There's a huge amount of DNSSEC verbiage in the response to that query (4931-byte response from the authoritative nameservers), when querying with +dnssec. I'm guessing the resolver function of BIND might be having trouble with DNSSEC validation. At least, that's a hypothesis. I'm not familiar enou

Re: SERVFAIL and peak utilization

Hi, I'm still having a problem and haven't received any replies. Is there anyone with any ideas on how to troubleshoot this? What other information can I provide to help troubleshoot this? On Thu, Jul 26, 2018 at 5:49 PM, Alex wrote: > Hi, here is some further debugging on what I believe are q

Re: SERVFAIL and peak utilization

Hi, here is some further debugging on what I believe are queries involving SERVFAIL: 26-Jul-2018 17:44:40.168 query-errors: debug 1: client @0x7fbee80f39b0 127.0.0.1#61547 (69.248.70.96.bad.psky.me): query failed (SERVFAIL) for 69.248.70.96.bad.psky.me/IN/A at ../../../bin/named/query.c:8580 26-Ju

Re: SERVFAIL and peak utilization

Hi, I've made some performance adjustments although I really don't know whether it's correct, and it doesn't seem to have solved the problem. I also notice the SERVFAIL error seems to happen in bulk - it will happen for a while and then stop. It definitely seems to occur more during peak mail volu

Re: SERVFAIL and peak utilization

Hi, On Thu, Jul 26, 2018 at 1:57 PM, John Miller wrote: > Hi Alex, > > What does your query volume look like on this server? Depending on > volume, the BIND defaults for: > > - clients-per-query > - max-clients-per-query > - recursive-clients > - tcp-clients > > and others may not be set high en

Re: SERVFAIL and peak utilization

Hi Alex, What does your query volume look like on this server? Depending on volume, the BIND defaults for: - clients-per-query - max-clients-per-query - recursive-clients - tcp-clients and others may not be set high enough. Check pp. 106-108 in the latest 9.11 manual for more details on each o

Re: SERVFAIL on IPv6 tunnelbroker network

Is it possible that I have 2 routers on 1 server and 2 views? Should I just use 1 connection to the same server? I connect to to internet connection 1 for me downloading etc, and 1 for the input for web, email, etc... But I connected 2. The big problem is that I cannot turn off the server 2nd view,

Re: SERVFAIL on IPv6 tunnelbroker network

Hi Patrik, 192.168.81.20 appears to be matched to the internal-enp1s0f3 view. This view might not be able to resolve these external dns entries correctly what do you get when you try dig @192.168.81.20 com soa and dig @192.168.81.20 production.cloudflare.docker.com +trace Kind Regards Peter

Re: SERVFAIL on IPv6 tunnelbroker network

Hello! Thank you very much. So what do you mean "internal-enp1s0f3" view is configured to bump this domain? Is this a setting? It looks like this for my views: view "internal-enp1s0f3" { match-clients { "internal-enp1s0f3"; }; match-recursive-only yes; recursion yes; allow-recursio

Re: SERVFAIL on IPv6 tunnelbroker network

​ Hello! Thank you very much. So what do you mean "internal-enp1s0f3" view is configured to bump this domain? Is this a setting? It looks like this for my views: view "internal-enp1s0f3" { match-clients { "internal-enp1s0f3"; }; match-recursive-only yes; recursion yes; allow-recurs

Re: SERVFAIL on IPv6 tunnelbroker network

root@server:~# dig aax-eu.amazon-adsystem.com @ns-911.amazon.com +dnssec +norec ; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com @ ns-911.amazon.com +dnssec +norec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49254 ;; flags: qr aa;

Re: SERVFAIL on IPv6 tunnelbroker network

So what do you get to this command when run on the recursive server? dig aax-eu.amazon-adsystem.com @ns-911.amazon.com +dnssec +norec -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _

Re: SERVFAIL on IPv6 tunnelbroker network

Hello! Thank you very much. So what do you mean "internal-enp1s0f3" view is configured to bump this domain? Is this a setting? It looks like this for my views: view "internal-enp1s0f3" { match-clients { "internal-enp1s0f3"; }; match-recursive-only yes; recursion yes; allow-recursio

Re: SERVFAIL on IPv6 tunnelbroker network

Hi Patrik, I don't see any SERVFAIL querying for this record.  maybe your"internal-enp1s0f3" view is configured to bump this domain? Kind Regards Peter dig aax-eu.amazon-adsystem.com ; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com ;; global options: +cmd ;; Got answer: ;;

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

Thanks Cathy. From: bind-users on behalf of Cathy Almond Sent: Monday, March 5, 2018 11:53:44 AM To: bind-users@lists.isc.org Subject: Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6) On 05/03/2018 05:50, Nagesh

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

Thanks Mark. From: bind-users on behalf of Mark Andrews Sent: Monday, March 5, 2018 11:51:06 AM To: Nagesh Thati Cc: bind-users@lists.isc.org Subject: Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6) > On 5

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

On 05/03/2018 05:50, Nagesh Thati wrote: > Hello, > > I have added a servfail-ttl 0; parameter in the named.conf file in the > global section and restarted the named, but named is not coming up and I > don't see any errors printing in the named.log. When I do a > named-checkconf on named.conf it i

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

> On 5 Mar 2018, at 4:50 pm, Nagesh Thati wrote: > > Hello, > > I have added a servfail-ttl 0; parameter in the named.conf file in the global > section and restarted the named, but named is not coming up and I don't see > any errors printing in the named.log. When I do a named-checkconf on >

Re: SERVFAIL takes precedence before RPZ policy action

>> We maintain a block list with RPZ on our BIND resolvers. I noticed that >> the RPZ policy action does not apply for domain names which SERVFAIL >> (i.e. cannot be resolved by the resolver because of a timeout, lame >> delegation etc.). > > RPZ applies to responses not queries. > > You can over

Re: SERVFAIL takes precedence before RPZ policy action

On 02/09/16 15:22, Daniel Stirnimann wrote: Hi all We maintain a block list with RPZ on our BIND resolvers. I noticed that the RPZ policy action does not apply for domain names which SERVFAIL (i.e. cannot be resolved by the resolver because of a timeout, lame delegation etc.). RPZ applies to r

Re: SERVFAIL on stub zone (WAS: dig @server foobar +trace +recurse)

Tony Finch suggested: >> (I'm syslogging default "syslog_all", minus edns-disabled, >> lame-servers, rpz, and unmatched.) > > Excluding lame-servers might be why you aren't seeing any log > messages. I tried un-excluding it: nothing. >> zone "concordia.ca" { >> type stub; >>

Re: SERVFAIL on stub zone (WAS: dig @server foobar +trace +recurse)

Anne Bennett wrote: > > It all looks just peachy, but when I issued: > dig @localhost -t ns concordia.ca. > it gave me a SERVFAIL. I couldn't find anything abnormal > in the syslogs. I can't for the life of my figure out why > it's unhappy. How can I debug this? Try rndc trace 10. The debug

Re: SERVFAIL on stub zone (WAS: dig @server foobar +trace +recurse)

> zone "concordia.ca" { > type stub; > file "StubData/concordia.ca.SEC"; > masters { > 132.205.1.1 ; > 132.205.7.51 ; > }; > multi-master yes; > }; [results in transferring:] > ---

Re: servfail only for a zone

Il 13/07/2015 20:47, John Miller ha scritto: the zone being expired is the most likely. Check everything: - physical connectivity between ns2 and ns1 That was the problem. I recently changed iptables rules on ns1 and forgot to test this little thing. The other zones weren't failing becaus

Re: servfail only for a zone

On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca wrote: > > You have been persuasive enough, I'm definitely going to raise the expire > value, but now the question is: are the SERVFAIL replies a consequence of > the low expire value? > It doesn't help your cause _at_all_. There could be a few reas

Re: servfail only for a zone

Il 13/07/2015 20:21, Reindl Harald ha scritto: zone transerfs are retried often, but that don't help with such low expire times, the question still remains why they are failing on the same host, but that's not a bind problem I'm pretty sure it's not a bind problem (I'm not pretending it's

Re: servfail only for a zone

Am 13.07.2015 um 20:15 schrieb Lucio Crusca: Il 13/07/2015 19:51, Darcy Kevin (FCA) ha scritto: Half an hour is ridiculous, to be honest. Unless you have 24x7x365 eyes-on-glass looking for zone transfer failures *constantly* and ready and able to *instantly* pounce on any such problems and fix

RE: servfail only for a zone

...@lists.isc.org] On Behalf Of Lucio Crusca Sent: Monday, July 13, 2015 2:15 PM To: bind-users Subject: Re: servfail only for a zone Il 13/07/2015 19:51, Darcy Kevin (FCA) ha scritto: Half an hour is ridiculous, to be honest. Unless you have 24x7x365 eyes-on-glass looking for zone transfer failures

Re: servfail only for a zone

Il 13/07/2015 19:51, Darcy Kevin (FCA) ha scritto: Half an hour is ridiculous, to be honest. Unless you have 24x7x365 eyes-on-glass looking for zone transfer failures *constantly* and ready and able to *instantly* pounce on any such problems and fix them within minutes. You have been persuas

RE: servfail only for a zone

. - Kevin From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John Miller Sent: Monday, July 13, 2015 1:33 PM To: Lucio Crusca Cc: bind-users Subject: Re: servfail only for a zone Something I'm not

Re: servfail only for a zone

On Jul 13, 2015, at 10:34 AM, Lucio Crusca wrote: [ ... ] > Yes the zone failed to update, I know because if I raise the seqno @ns1, it > tries to update and it keeps failing. I don't understand why it fails. I > doubt a Cisco router is to blame here because ns1 and ns2 are two guests of > the

Re: servfail only for a zone

Il 13/07/2015 19:21, Reindl Harald ha scritto: check if the zone failed to update from the master and has expired, been there due a cisco router with "DNS ALG" enabled leading only a few large zones fail to transfer Yes the zone failed to update, I know because if I raise the seqno @ns1,

Re: servfail only for a zone

Something I'm noticing is that your SOA record fields are quite small: aquilacorde.com.3600INSOAns1.virtualbit.it. info.aquilacorde.com. 2015070601 1200 180 3600 3600 Specifically, your expiration time (first of the 3600s) is set to one hour. This means that if ns2 hasn't contact

Re: servfail only for a zone

Am 13.07.2015 um 19:19 schrieb Lucio Crusca: I have two nameservers, the master and its slave, and they work ok for several zones. However for one of the zones (aquilacorde.com), the slave replies with SERVFAIL, and I don't understand why check if the zone failed to update from the master and

Re: SERVFAIL @google

Did you check the serial? and double check. I mean the serial of your uploaded new data. I have once missed that to the effect that no updates happened. On February 10, 2014 12:29:41 PM CET, Lucio Crusca wrote: >In data lunedì 10 febbraio 2014 11:25:59, Steven Carr ha scritto: >> On 10 February

Re: SERVFAIL @google

In data lunedì 10 febbraio 2014 11:25:59, Steven Carr ha scritto: > On 10 February 2014 11:20, Lucio Crusca wrote: > > Ok, so what should I do now? I want the NS records to point to > > ns0|1.virtual-bit.com. Should I change anything in my zone file or should > > I > > open a new ticket at my doma

Re: SERVFAIL @google

On 10 February 2014 11:20, Lucio Crusca wrote: > Ok, so what should I do now? I want the NS records to point to > ns0|1.virtual-bit.com. Should I change anything in my zone file or should I > open a new ticket at my domain provider? Contact the domain provider and ask them to either update the re

Re: SERVFAIL @google

In data lunedì 10 febbraio 2014 11:16:11, Steven Carr ha scritto: > On 10 February 2014 11:10, Lucio Crusca wrote: > > How did you find that NS servers are ns1.customer.seflow.it and > > ns2.customer.seflow.it? They should be ns0.virtual-bit.com and > > > ns1.virtual-bit.com (see zone file) and h

Re: SERVFAIL @google

On 10 February 2014 11:10, Lucio Crusca wrote: > How did you find that NS servers are ns1.customer.seflow.it and > ns2.customer.seflow.it? They should be ns0.virtual-bit.com and > ns1.virtual-bit.com (see zone file) and here dig says exactly that: Trace it from the root, your glue records aren't

Re: SERVFAIL @google

In data lunedì 10 febbraio 2014 09:41:26, Steven Carr ha scritto: > On 10 February 2014 09:01, Lucio Crusca wrote: > > Sorry, I thought I might be making some obvious mistake so that you > > wouldn't need the actual zone to spot it. > > > > ; > > ; BIND data file for softwareliberopinerolo.org >

Re: SERVFAIL @google

On 10 February 2014 09:01, Lucio Crusca wrote: > Sorry, I thought I might be making some obvious mistake so that you wouldn't > need the actual zone to spot it. > > ; > ; BIND data file for softwareliberopinerolo.org > ; That zone file must be out of date. The record being returned now is an A re

Re: SERVFAIL @google

In data lunedì 10 febbraio 2014 07:51:52, Mark Andrews ha scritto: > Post the zone name and the actual content unaltered if you > want help. > > Stop wasting everyones time by hiding this information. Sorry, I thought I might be making some obvious mistake so that you wouldn't

Re: SERVFAIL @google

Post the zone name and the actual content unaltered if you want help. Stop wasting everyones time by hiding this information. Mark In message <1900686.b2zHOhH0XN@fx>, Lucio Crusca writes: > Hello everybody, > > I have a domain which fails since a few days ago wh

Re: SERVFAIL when two SOA in the domain

In message <20130829182253.ga13...@laperouse.bortzmeyer.org>, Stephane Bortzmey er writes: > One of my contacts noticed that you cannot query 42.fr's SOA with > BIND: SERVFAIL. Querying other types, or using Unbound (or Google > Public DNS) instead of BIND works. > > The only thing special he see

Re: SERVFAIL when two SOA in the domain

When RFC 1035 was written, the strict rules between SHOULD/MUST didn't yet exist. That "should" is to be considered a MUST from the standpoint of modern RFCs. - Kevin On 8/29/2013 2:31 PM, Steven Carr wrote: On 29 August 2013 19:22, Stephane Bortzmeyer wrote: I'm not sur

Re: SERVFAIL when two SOA in the domain

On 29 August 2013 19:22, Stephane Bortzmeyer wrote: > I'm not sure of what the RFC say about that... While RFC 1035 doesn't seem to explicitely say that multiple are forbidden, or how to handle the case of multiple records, it does state under section 5.2. (Use of master files to define zones):

Re: servfail response message question

please skip privcate messages - I do read the list. On 27.06.13 09:47, RYAN CHERVENKA wrote: Here is the example.com zone file and example.com db file, without the record. ;alias to GSLB for www www     IN      CNAME   www.gslb.example.com. ;sub-domain delegation to LB gslb IN NS  LB1

Re: servfail response message question

2013 3:25 AM Subject: Re: servfail response message question On 26.06.13 13:20, RYAN CHERVENKA wrote: >The Ubuntu server is delegating a sub-domain to the LB. The LB is > authoritative for the domain and is responding to client requests for the domain or the subdomain? > correctly. 

Re: servfail response message question

On 26.06.13 13:20, RYAN CHERVENKA wrote: The Ubuntu server is delegating a sub-domain to the LB. The LB is authoritative for the domain and is responding to client requests for the domain or the subdomain? correctly. I removed the @  IN ::1 from the db file within the primary domain and

Re: servfail response message question

In message , Barry Margolin writes: > P.S. I read this list through the comp.protocols.dns.bind newsgroup. > Does anyone know why some messages, like Ryan's, show up with control > characters replaced by weird characters (e.g. TAB turns into daggers)? > Can something be fixed in the mail-to-ne

Re: servfail response message question

mail-to-news gateway? > Ryan From: Barry Margolin > To: comp-protocols-dns-b...@isc.org Sent: Wednesday, > June 26, 2013 10:24 AM Subject: Re: servfail response message question In > article , RYAN > CHERVENKA wrote: > I currently have a domain > example

Re: servfail response message question

. Leaving the ipv6 RR in the zone db file caused the servfail. I don't know why. Thanks, Ryan From: Barry Margolin To: comp-protocols-dns-b...@isc.org Sent: Wednesday, June 26, 2013 10:24 AM Subject: Re: servfail response message question In article ,

Re: servfail response message question

In article , RYAN CHERVENKA wrote: > I currently have a domain example.com authoritative on my Ubuntu server and > it is delegating gslb.example.com to my load balancer.Ý www.example.com is a > CNAME for www.gslb.example.comÝ Gslb.example.com has an NS record pointing to > the LB Client sen

Re: servfail response message question

I took out the ipv6 info in the zone DB file for this to work. I added it back into the file and it worked and then three queries later it gave the servfail response. It doesn't like the record. Thank you, Ryan On Jun 25, 2013, at 8:42 PM, Mark Andrews wrote: > > In message <13722061

Re: servfail response message question

In message <1372206137.34187.yahoomail...@web161406.mail.bf1.yahoo.com>, RYAN C HERVENKA writes: > > I currently have a domain example.com authoritative on my Ubuntu server > and it is delegating gslb.example.com to my load balancer. > > www.example.com is a CNAME for www.gslb.example.com > Gslb.e

RE: SERVFAIL with ocsp.entrust.net.

> Ralph F. Bischof, Jr. > NASA Agency IPAM/DNS/DHCP > SAIC/NICS > 256-544-3982 > > > > > > -Original Message- > > From: Mark Andrews [mailto:ma...@isc.org] > > Sent: Tuesday, April 24, 2012 10:44 AM > > To: Bischof, Ralph F. (MSFC-

Re: SERVFAIL with ocsp.entrust.net.

s.isc.org] On Behalf > > Of Barry Margolin > > Sent: Tuesday, April 24, 2012 9:37 AM > > To: comp-protocols-dns-b...@isc.org > > Subject: Re: SERVFAIL with ocsp.entrust.net. > > > > In article , > > "Bischof, Ralph F. (MSFC-IS40)[NICS]" wrote:

RE: SERVFAIL with ocsp.entrust.net.

> -Original Message- > From: bind-users-bounces+ralph.bischof=nasa@lists.isc.org > [mailto:bind-users-bounces+ralph.bischof=nasa@lists.isc.org] On Behalf > Of Barry Margolin > Sent: Tuesday, April 24, 2012 9:37 AM > To: comp-protocols-dns-b...@isc.org > Subje

Re: SERVFAIL with ocsp.entrust.net.

Perhaps provide the ocsp.entrust.net folks 3rd party evaluation tool(s) to identify areas of concerns? For example, here are two: http://www.dnsvalidation.com/reports/4f96bdec7d79ee78db44 http://www.intodns.com/ocsp.entrust.net These find more than one critical item to fix. Why is everyone

Re: SERVFAIL with ocsp.entrust.net.

In article , "Bischof, Ralph F. (MSFC-IS40)[NICS]" wrote: > Hello, > > I have been trying to find out why my caching servers are giving > SERVFAIL as > an answer for any type of query except for an A record for the domain in the > subject. Whether I try a , TXT, SOA, PTR, TXT, etc,

Re: servfail are not cached!

Thanks. 2011/9/27 Jan-Piet Mens > On Tue Sep 27 2011 at 17:32:22 CEST, Issam Harrathi wrote: > > > and you say here it's cached for 30 seconds?! > > Evan said: > > > and we've discussed implementing it in BIND9, but haven't had time yet. > > In other words, they are *not* cached in BIND9. > >

Re: servfail are not cached!

On Tue Sep 27 2011 at 17:32:22 CEST, Issam Harrathi wrote: > and you say here it's cached for 30 seconds?! Evan said: > and we've discussed implementing it in BIND9, but haven't had time yet. In other words, they are *not* cached in BIND9. -JP __

Re: servfail are not cached!

Actually he said the DNS protocol allows for it and ISC had been considering adding it. -Ben Croswell On Sep 27, 2011 11:38 AM, "Issam Harrathi" wrote: > As i test it's not cached at all, and you say here it's cached for 30 > seconds?! > i'm using 9.7.2-P3. > > 2011/9/27 Evan Hunt > >> > I disco

Re: servfail are not cached!

As i test it's not cached at all, and you say here it's cached for 30 seconds?! i'm using 9.7.2-P3. 2011/9/27 Evan Hunt > > I discover that servfail are not cached. is it normal? > > Yes, that's normal. > > Temporary negative caching of SERVFAIL responses for a limited period (up > to 30 seconds

Re: servfail are not cached!

> I discover that servfail are not cached. is it normal? Yes, that's normal. Temporary negative caching of SERVFAIL responses for a limited period (up to 30 seconds, if I recall correctly) is permitted by the DNS protocol, and we've discussed implementing it in BIND9, but haven't had time yet. -

Re: SERVFAIL

I have again started servfail error for the some domain Regards, kshitij On Mon, Sep 19, 2011 at 5:34 PM, kshitij mali wrote: > What is did now is i have update the named.root file from internic website > and restarted the named service , and the domain completefreight.net.au > started resolvin

Re: SERVFAIL

What is did now is i have update the named.root file from internic website and restarted the named service , and the domain completefreight.net.au started resolving imediately i will monitor the resolv failuer error and update the status to u all Regards, Kshitij On Fri, Sep 16, 2011 at 12:53 AM

Re: SERVFAIL

On 9/15/2011 4:14 AM, kshitij mali wrote: > ; <<>> DiG 9.2.4 <<>> completefreight.net.au [...] If your version of BIND matches your version of dig, all bets are off. Please upgrade and see if you continue to have problems. AlanC signature.asc Description: OpenPGP digital signature __

Re: SERVFAIL

Due to the fact that IPV4 addresses have run out, many addresses that were reserved have been un-reserved and used on the internet. Is it possible that you have a bogon filter file that is blocking this IP ? On 15 Sep, 2011, at 2:14 PM, kshitij mali wrote: > Hello ALL, > > > I repeated see do

  1   2   >