Hi, > On Thu, Sep 27, 2018 at 10:53:25AM -0400, Alex wrote: > > Many of these values I've already tweaked and have had no effect on my > > SERVFAIL issues :-( > > If you are getting SERVFAILs from a BIND resolver you administer, then > it has responded to your query. If you turn up the log level to > something like -d 99, it'll print the steps that led to that SERVFAIL. > Usually you'll find something there that directs you to next steps. > > On this topic, my home resolver is also a stock packaged BIND version as > you, and I too see spurious SERVFAILs sometimes. I used to think this > was due to too much indirection, e.g., when named starts up and you run: > > dig -x 176.9.81.50
It doesn't typically happen when running from the command-line. It does occasionally happen, though. I usually run something like "dig +all +trace +nodnssec <hostname>". It sometimes times out in the middle, with something like "cannot resolve xyz host", which may even be one of the root servers. I also typically run it with "rndc trace 11" which shows me quite a bit of debugging info - too much to look through manually. With trace 99, I can imagine it being overwhelming amount of info. Do you have any ideas of what to look for? "query-errors"? Also, I also see other SERVFAIL errors that really are SERVFAIL errors - when querying the host manually, it still responds immediately with SERVFAIL. Thanks, Alex > > on a cold cache. However it seems to be returning SERVFAIL sometimes for > what should be a cached answer. I'll also turn up the debug logging and > watch it. > > Mukund _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
