I have a BIND (9.9.4)[1] server that runs well most of the time, but periodically it will start returning SERVFAIL for very high-level domains such as *.google.com, *.gstatic.com, *.github.com, etc. It seems to happen most frequently with Google domains, but I wonder if that is just a reflection on the percentage of queries I have for those here.
In any case when this happens, it will last a few minutes until it resolves itself and/or I issue an "rndc reload". That always seems to correct it if I don't care to wait it out. I'm wondering what the steps are to try to get to the bottom of this. I have a db dump (rndc dumpdb) as well as some trace (rndc trace x10) while this is happening. Is this enough? If so, what should I look for as a cause of the SERVFAILs? If not, what more do I need to collect? Do I need tracing enabled before the situation happens? What level (how many "rndc trace"s should I run)? Very greatful for any help. Cheers, b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
