-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/10/2011 04:19 PM, Chuck Swiger wrote:
> On Feb 10, 2011, at 12:39 PM, Ryan Novosielski wrote:
>> health.nyc.gov query-errors:
>>
>> 10-Feb-2011 15:32:30.682 query-errors: debug 1: client
>> 130.219.34.129#55935: query failed (SERVFAIL) for health.nyc.gov/IN/MX
>> at query.c:4630
>> 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at
>> resolver.c:3057 for health.nyc.gov/MX in 0.000046: failure/success
>> [domain:nyc.GOV,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:4,findfail:0,valfail:0
> 
> The adberr count looks like it can only be incremented by two code sections 
> in lib/dns/resolver.c:
> 
>         if (result != ISC_R_SUCCESS) {
>                 if (result == DNS_R_ALIAS) {
>                         /*
>                          * XXXRTH  Follow the CNAME/DNAME chain?
>                          */
>                         dns_adb_destroyfind(&find);
>                         fctx->adberr++;
>                 }
>         }
> 
> [ ...and... ]
> 
>                         if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0)
>                                 fctx->lamecount++; /* cached lame server */
>                         else
>                                 fctx->adberr++; /* unreachable server, etc. */
> 
> This implies a connectivity issue between your client and the nyc.gov 
> nameservers, I think.
> But there are local wizards lurking who are much more familiar with the code 
> than I....

It is starting to appear as if this is an issue relating to EDNS, though
I can't see specifically how. It does not appear to even be a
size-related issue, but instead possibly something to do with packet
fragmentation. I built a BIND 9.6.2 server on a CentOS VM -- works fine
off our network (connected via Verizon Wireless), but does not work on
campus.

What I don't quite understand is why querying, say, 8.8.8.8 with a copy
of dig on our network would work. Isn't the same thing ultimately going to
have to pass through the same place in our firewall/network eventually
whether it's a nameserver asking for it or a client?

- -- 
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1VfigACgkQmb+gadEcsb6i8gCgm2YnVtwVFTycUKK/JQgM9eTP
6WoAnAuZ31BQR4+xdWbyc9+tur1joI9i
=CIn8
-----END PGP SIGNATURE-----


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
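
An added example, not part of the original message and not BIND code: a small Python parser for the `query-errors` debug 2 "fetch completed" line quoted in the thread, which extracts the counters and reports which error counters are non-zero. The function names are hypothetical, and reading `qrysent:0` as "no query was sent for this fetch" is an assumption drawn from the field name.

```python
import re

# The debug 2 entry as quoted in the message (constructed here from that text).
# It is cut off before the closing "]", so the parser tolerates a missing one.
SAMPLE_QUOTED = """\
>> 10-Feb-2011 15:32:30.682 query-errors: debug 2: fetch completed at
>> resolver.c:3057 for health.nyc.gov/MX in 0.000046: failure/success
>> [domain:nyc.GOV,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:4,findfail:0,valfail:0"""

FETCH_RE = re.compile(
    r"query-errors: debug 2: fetch completed at (?P<src>\S+) "
    r"for (?P<name>[^/\s]+)/(?P<qtype>\S+) in (?P<secs>[\d.]+): "
    r"(?P<result>\S+) \[(?P<fields>[^\]]*)\]?")

# Counters treated as error indicators here; the split is this example's choice.
ERROR_KEYS = ("timeout", "lame", "neterr", "badresp", "adberr", "findfail", "valfail")

def unquote(text):
    """Strip mail quote markers ('>', '>>') and re-join hard-wrapped lines."""
    parts = [re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines()]
    return " ".join(p for p in parts if p)

def parse_fetch(line):
    """Return the fields of one 'fetch completed' entry, or None if no match."""
    m = FETCH_RE.search(line)
    if not m:
        return None
    rec = {"name": m["name"], "qtype": m["qtype"], "source": m["src"],
           "seconds": float(m["secs"]), "result": m["result"],
           "domain": None, "counters": {}}
    for item in m["fields"].split(","):
        key, sep, value = item.strip().partition(":")
        if key == "domain" and sep:
            rec["domain"] = value
        elif sep and value.isdigit():
            rec["counters"][key] = int(value)
    return rec

def triage(rec):
    """Non-zero error counters, plus whether the fetch sent any query at all."""
    c = rec["counters"]
    nonzero = {k: c[k] for k in ERROR_KEYS if c.get(k, 0) > 0}
    # Assumption: qrysent:0 means the fetch ended before a query was sent.
    return nonzero, c.get("qrysent") == 0

if __name__ == "__main__":
    rec = parse_fetch(unquote(SAMPLE_QUOTED))
    print(rec["name"], rec["qtype"], rec["domain"], triage(rec))
```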
