[nsd-users] Trying to understand a SERVFAIL
Pim van Pelt
pim at ipng.nl
Mon Dec 28 22:03:51 UTC 2009
Hoi,
Addendum, see inline:
On Mon, Dec 28, 2009 at 7:25 PM, Pim van Pelt <pim at ipng.nl> wrote:
> Hoi,
>
> I've loaded two zones, paphosting.net and l.paphosting.net (see [1])
> on three nameservers (ns.paphosting.{net,nl.eu}). These nameservers
> serve requests generally fine and authoritatively (for example,
> http0.l.paphosting.net resolves to two A and two AAAA records).
> However, on some resolvers (and some, but not all client),
> intermittently, I get unexpected answers (SERVFAIL), and looking at
> tcpdump output it seems that perhaps there is a bit of a weird answer
> coming from NSD.
>
> The client (on hispeed.ch, a caching nameserver running bind 9.4.2 on
> OpenBSD 4.3) is speaking to an NSD (on bit.nl, an nsd authoritative
> nameserver running 3.2.2 on Linux 2.6/Ubuntu LTS 8.04). Using host(1),
> I can expose this issue, while using dig(1) I cannot. So running
> """host -t A www.paphosting.net 192.168.2.1""", here's the resulting
> UDP conversation[2] - it shows SERVFAIL, and seems to try each of the
> 3 nameservers twice, in turn, before giving up.
>
> I observed each NSD giving an odd answer:
> http0.l.paphosting.net. A nlede01.paphosting.net.122.109.193.in-addr.arpa
> http0.l.paphosting.net. A http.weirdnet.nl
>
> the first record is not my intention, and perhaps a clue.
This is not a clue, because in 122.109.193.in-addr.arpa., also served
by the same nameservers, I had omitted the trailing '.' behind
nlede01.paphosting.net; which made it become that *.arpa address. This
is now fixed,
but the issue remains. The rest is simply an artifact from tcpdump,
which translates all IP addresses to names :)
The issue itself, as described in the original post, remains.
--
Pim van Pelt <pim at ipng.nl>
PBVP1-RIPE - http://www.ipng.nl/
More information about the nsd-users
mailing list