Re: BIND DNS problem (?)
On Sep 26, 2018, at 07:52, Jukka Pakkanen wrote: > Still Symantec "enterprise support technician" claims the problem is on our > DNS servers, and as a "proof" send the chapter 4.1.1 of the RFC1035, where it > is stated that "code 2 = server failure", and this should prove that our > servers are not working because they got "server failure" error ;-) Somehow, this coming from someone at Symantec is not at all surprising. -- My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Yes looks like that, also this problem started suddenly, affects all our SMG & DNS servers, so very unlikely the problem is on our end. Still Symantec "enterprise support technician" claims the problem is on our DNS servers, and as a "proof" send the chapter 4.1.1 of the RFC1035, where it is stated that "code 2 = server failure", and this should prove that our servers are not working because they got "server failure" error ;-) Jukka -Original Message- From: Tony Finch [mailto:d...@dotat.at] Sent: keskiviikko 26. syyskuuta 2018 15.06 To: Jukka Pakkanen Cc: bind-users@lists.isc.org Subject: RE: BIND DNS problem (?) Jukka Pakkanen wrote: > Now got some more debug info, but does it help finding out why we get > the server failure? The DNS servers for smg.brightmail.com are broken. They drop most queries which causes all sorts of problems. Tony. -- f.anthony.n.finchhttp://dotat.at/ Humber, Thames: Southwest 4 or 5, occasionally 6 at first. Slight or moderate, but rough at first in Humber. Fair. Good, occasionally moderate. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Jukka Pakkanen wrote: > Now got some more debug info, but does it help finding out why we get > the server failure? The DNS servers for smg.brightmail.com are broken. They drop most queries which causes all sorts of problems. Tony. -- f.anthony.n.finchhttp://dotat.at/ Humber, Thames: Southwest 4 or 5, occasionally 6 at first. Slight or moderate, but rough at first in Humber. Fair. Good, occasionally moderate. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Now got some more debug info, but does it help finding out why we get the
server failure?
26-syyskuuta-2018 15.46.33.999 client @024562471630 62.142.220.9#8179
(1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 15.46.33.999 client @024561EFABC0 62.142.220.9#37637
(1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 15.46.33.999 fetch completed at ..\resolver.c:4175 for
1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/TXT in 10.014952:
timed out/success
[domain:smg.ultra.brightmail.com,referral:2,restart:2,qrysent:7,timeout:6,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
26-syyskuuta-2018 15.46.33.999 fetch completed at ..\resolver.c:4175 for
31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com/TXT in 10.014952:
timed out/success
[domain:smg.ultra.brightmail.com,referral:2,restart:2,qrysent:7,timeout:6,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
26-syyskuuta-2018 15.46.33.999 client @024562641060 62.142.220.9#63769
(31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
...
Jukka
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka
Pakkanen
Sent: keskiviikko 26. syyskuuta 2018 11.55
To: bind-users@lists.isc.org
Subject: RE: BIND DNS problem (?)
Started logging named now, but don't see much debug information with these
logging settings:
logging {
category lame-servers { null; };
category edns-disabled { null; };
category security { security_file; };
category queries { queries_file; };
category resolver { resolver_file; };
category query-errors { query-errors_file; };
channel query-errors_file {
file "d:/logs/named/query-errors.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel queries_file {
file "d:/logs/named/queries.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel resolver_file {
file "d:/logs/named/resolver.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel security_file {
file "d:/logs/named/security.log" versions 3 size 5m;
severity debug;
print-time yes;
};
};
Query-errors:
26-syyskuuta-2018 12.00.59.794 client @01F5160E7150 62.142.220.9#28667
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F516751E40 62.142.220.9#48236
(6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F51768CA50 62.142.220.9#47990
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
...
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka
Pakkanen
Sent: Wednesday, September 26, 2018 2:46 AM
To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
Subject: BIND DNS problem (?)
We are running a couple of Symantec SMG servers, and their DNS clients are
configured to use your BIND 9.12.2 DNS servers.
In both SMG servers we get the same DNS "server failure" error from all our DNS
servers when they do some TXT queries to SMG:
http://www.qnet.fi/jp/dns.png
(sorry for the bad quality/format, hope you can zoom in. That's all I got from
Symantec when contacting their support, and they claim the problem is in our
DNS servers because of the "server failure" error).
Anyway, I suppose the problem is related to these, in the response:
Answer authenticated: Answer/authority portion was not authenticated by the
server
Non-authenticated data: Unacceptable
Sooo, any ideas what does this mean, is the problem in out BIND servers, or in
the other end?
Jukka
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Started logging named now, but don't see much debug information with these
logging settings:
logging {
category lame-servers { null; };
category edns-disabled { null; };
category security { security_file; };
category queries { queries_file; };
category resolver { resolver_file; };
category query-errors { query-errors_file; };
channel query-errors_file {
file "d:/logs/named/query-errors.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel queries_file {
file "d:/logs/named/queries.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel resolver_file {
file "d:/logs/named/resolver.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel security_file {
file "d:/logs/named/security.log" versions 3 size 5m;
severity debug;
print-time yes;
};
};
Query-errors:
26-syyskuuta-2018 12.00.59.794 client @01F5160E7150 62.142.220.9#28667
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F516751E40 62.142.220.9#48236
(6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F51768CA50 62.142.220.9#47990
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
...
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka
Pakkanen
Sent: Wednesday, September 26, 2018 2:46 AM
To: bind-users@lists.isc.org
Subject: BIND DNS problem (?)
We are running a couple of Symantec SMG servers, and their DNS clients are
configured to use your BIND 9.12.2 DNS servers.
In both SMG servers we get the same DNS "server failure" error from all our DNS
servers when they do some TXT queries to SMG:
http://www.qnet.fi/jp/dns.png
(sorry for the bad quality/format, hope you can zoom in. That's all I got from
Symantec when contacting their support, and they claim the problem is in our
DNS servers because of the "server failure" error).
Anyway, I suppose the problem is related to these, in the response:
Answer authenticated: Answer/authority portion was not authenticated by the
server
Non-authenticated data: Unacceptable
Sooo, any ideas what does this mean, is the problem in out BIND servers, or in
the other end?
Jukka
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Started logging named now, but don't see much debug information with these
logging settings:
logging {
category lame-servers { null; };
category edns-disabled { null; };
category security { security_file; };
category queries { queries_file; };
category resolver { resolver_file; };
category query-errors { query-errors_file; };
channel query-errors_file {
file "d:/logs/named/query-errors.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel queries_file {
file "d:/logs/named/queries.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel resolver_file {
file "d:/logs/named/resolver.log" versions 3 size 5m;
severity debug;
print-time yes;
};
channel security_file {
file "d:/logs/named/security.log" versions 3 size 5m;
severity debug;
print-time yes;
};
};
Query-errors:
26-syyskuuta-2018 12.00.59.794 client @01F5160E7150 62.142.220.9#28667
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F516751E40 62.142.220.9#48236
(6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F51768CA50 62.142.220.9#47990
(73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F5173936D0 62.142.220.9#46275
(6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F5173951F0 62.142.220.9#13544
(84cbbbe69327045981177902b6ed7539.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 84cbbbe69327045981177902b6ed7539.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F5170931C0 62.142.220.9#26021
(56909d41023d9bee0e972fa4ca487314.smg.ultra.brightmail.com): query failed
(SERVFAIL) for 56909d41023d9bee0e972fa4ca487314.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @01F517390E20 62.142.220.9#35961
(fb74971ab843d9ef29b498a817f135a0.smg.ultra.brightmail.com): query failed
(SERVFAIL) for fb74971ab843d9ef29b498a817f135a0.smg.ultra.brightmail.com/IN/TXT
at ..\query.c:10692
From: Jukka Pakkanen
Sent: keskiviikko 26. syyskuuta 2018 10.17
To: 'bind-users@lists.isc.org'
Subject: RE: BIND DNS problem (?)
Updated the pic, should be readable now... posting the pcap later.
Jukka
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John W.
Blue via bind-users
Sent: keskiviikko 26. syyskuuta 2018 9.50
To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
Subject: RE: BIND DNS problem (?)
I could not zoom in to see anything. Please post a better screenshot or better
yet post the .pcap itself for download and review.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka
Pakkanen
Sent: Wednesday, September 26, 2018 2:46 AM
To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
Subject: BIND DNS problem (?)
We are running a couple of Symantec SMG servers, and their DNS clients are
configured to use your BIND 9.12.2 DNS servers.
In both SMG servers we get the same DNS "server failure" error from all our DNS
servers when they do some TXT queries to SMG:
http://www.qnet.fi/jp/dns.png
(sorry for the bad quality/format, hope you can zoom in. That's all I got from
Symantec when contacting their support, and they claim the problem is in our
DNS servers because of the "server failure" error).
Anyway, I suppose the problem is related to these, in the response:
Answer authenticated: Answer/authority portion was not authenticated by the
server
Non-authenticated data: Unacceptable
Sooo, any ideas what does this mean, is the problem in out BIND servers, or in
the other end?
Jukka
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
Updated the pic, should be readable now... posting the pcap later. Jukka From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John W. Blue via bind-users Sent: keskiviikko 26. syyskuuta 2018 9.50 To: bind-users@lists.isc.org Subject: RE: BIND DNS problem (?) I could not zoom in to see anything. Please post a better screenshot or better yet post the .pcap itself for download and review. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka Pakkanen Sent: Wednesday, September 26, 2018 2:46 AM To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> Subject: BIND DNS problem (?) We are running a couple of Symantec SMG servers, and their DNS clients are configured to use your BIND 9.12.2 DNS servers. In both SMG servers we get the same DNS "server failure" error from all our DNS servers when they do some TXT queries to SMG: http://www.qnet.fi/jp/dns.png (sorry for the bad quality/format, hope you can zoom in. That's all I got from Symantec when contacting their support, and they claim the problem is in our DNS servers because of the "server failure" error). Anyway, I suppose the problem is related to these, in the response: Answer authenticated: Answer/authority portion was not authenticated by the server Non-authenticated data: Unacceptable Sooo, any ideas what does this mean, is the problem in out BIND servers, or in the other end? Jukka ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND DNS problem (?)
I could not zoom in to see anything. Please post a better screenshot or better yet post the .pcap itself for download and review. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jukka Pakkanen Sent: Wednesday, September 26, 2018 2:46 AM To: bind-users@lists.isc.org Subject: BIND DNS problem (?) We are running a couple of Symantec SMG servers, and their DNS clients are configured to use your BIND 9.12.2 DNS servers. In both SMG servers we get the same DNS "server failure" error from all our DNS servers when they do some TXT queries to SMG: http://www.qnet.fi/jp/dns.png (sorry for the bad quality/format, hope you can zoom in. That's all I got from Symantec when contacting their support, and they claim the problem is in our DNS servers because of the "server failure" error). Anyway, I suppose the problem is related to these, in the response: Answer authenticated: Answer/authority portion was not authenticated by the server Non-authenticated data: Unacceptable Sooo, any ideas what does this mean, is the problem in out BIND servers, or in the other end? Jukka ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
