I am seeing occasional SERVFAILs when I flush BIND cache then run test queries with dig. Can someone let me know how BIND picks the authoritative server to query?
>From what I know, BIND picks an authoritative server by assign random RTT to >authoritative servers then queries the one with smallest RTT. If BIND picks an >ipv6 authoritative server, and it can't reach it due to iptables/networking >route and etc. Will it try the next authoritative which maybe an ipv4 >authoritative server? The particular record that I have problems is s.afl.com.au which has two auths (dns1.cscdns.net. and dns2.cscdns.net). Both of these auths have ipv4 and ipv6 address. This is how to run my tests: for i in {1..10}; do rndc flush; dig @localhost s.afl.com.au; sleep 3; done |grep -i status I wonder the SERVFAILs I see is due BIND picks the ipv6 auth which is not reachable and causes SERVFAILs. After I updated BIND (9.11.2) to only do ipv4, my test queries went fine without issues.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users