Hi Rob,
Thank you for your message. Yes, I've already done all that. (got the latest root zone, restart named each time I switch from forwarders to non-forwarders, etc...). I am using lip6.fr as an example because it hosts some mirrors for Fedora Linux but I am pretty sure it's not the only site.

On the other hand, I think you might be right.. on a RHEL9 host in Canada, even with the same configuration as here in EMEA, I don't reproduce the issue anymore:

# dig -t dnskey lip6.fr.

; <<>> DiG 9.16.23-RH <<>> -t dnskey lip6.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31209
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;lip6.fr.                       IN      DNSKEY

;; AUTHORITY SECTION:
lip6.fr.                3600    IN      SOA     osiris.lip6.fr. 
hostmaster.lip6.fr. 2025042900 21600 3600 3600000 3600

;; Query time: 134 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Thu May 01 15:44:14 UTC 2025
;; MSG SIZE  rcvd: 90


,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._ coy...@nospam4cojot.name

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost



On Thu, 1 May 2025, Rob McEwen wrote:

In that case, someone smarter and more knowledgeable on this list will 
hopefully help you. But first - one last suggestion - if you find that forwards 
to 3rd party servers work
- but turning those off causes issues - you should probably make sure that your 
"root hints" are updated, and purge any caching (rndc flush), then restart 
BIND. Maybe you've
already done that? But if not, it's worth a try before digging deeper.

If that doesn't fix this, then hopefully someone else on this list can help you.

Rob McEwen, invaluement



------ Original Message ------
From vinc...@cojot.name
To "Rob McEwen" <r...@invaluement.com>
Cc bind-users@lists.isc.org
Date 5/1/2025 11:28:23 AM
Subject Re: Massive increase of SERVFAIL after April 28th 2025.

      Hi Rob,
 
Unfortunately, as soon as I remove the 'forwarders' in any of my named servers, 
the problem comes back. The output in my previous message was captured just a 
few minutes
ago after I had disabled 'forwaders' in one of my bind servers.
 
Regards,
 
Vincent
 
 
On Thu, 1 May 2025, Rob McEwen wrote:
 
      From vinc...@cojot.name
until a few days ago (April 28th?) when the amount of SERVFAIL started going 
ballistic and started preventing the resolution of a lot of DNS names on the 
internet to
the point where DNS was unusable
 
 
I strongly suspect that this was caused (even if indirectly?) by the MASSIVE 
and many-hours-long power outages in Europe, mainly in Spain and Portugal. That 
started
on April 28,
2025, at approximately 6:33 a.m. Eastern Time (ET) - and the majority of it 
lasted almot 24 hours.
 
https://www.france24.com/en/europe/20250430-what-we-know-so-far-about-the-massive-blackout-that-hit-spain-and-portugal
 
Hopefully, you're not seeing any more of these errors now?
 
Rob McEwen, invaluement
 
 
 


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to