Hi Rob,
Thank you for your message. Yes, I've already done all that. (got the
latest root zone, restart named each time I switch from forwarders
to non-forwarders, etc...).
I am using lip6.fr as an example because it hosts some mirrors for Fedora
Linux but I am pretty sure it's not the only site.
On the other hand, I think you might be right.. on a RHEL9 host in Canada,
even with the same configuration as here in EMEA, I don't reproduce the
issue anymore:
# dig -t dnskey lip6.fr.
; <<>> DiG 9.16.23-RH <<>> -t dnskey lip6.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31209
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;lip6.fr. IN DNSKEY
;; AUTHORITY SECTION:
lip6.fr. 3600 IN SOA osiris.lip6.fr.
hostmaster.lip6.fr. 2025042900 21600 3600 3600000 3600
;; Query time: 134 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Thu May 01 15:44:14 UTC 2025
;; MSG SIZE rcvd: 90
,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote _.,-*~'`^`'~*-,._ coy...@nospam4cojot.name
They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places. - Robert Frost
On Thu, 1 May 2025, Rob McEwen wrote:
In that case, someone smarter and more knowledgeable on this list will
hopefully help you. But first - one last suggestion - if you find that forwards
to 3rd party servers work
- but turning those off causes issues - you should probably make sure that your
"root hints" are updated, and purge any caching (rndc flush), then restart
BIND. Maybe you've
already done that? But if not, it's worth a try before digging deeper.
If that doesn't fix this, then hopefully someone else on this list can help you.
Rob McEwen, invaluement
------ Original Message ------
From vinc...@cojot.name
To "Rob McEwen" <r...@invaluement.com>
Cc bind-users@lists.isc.org
Date 5/1/2025 11:28:23 AM
Subject Re: Massive increase of SERVFAIL after April 28th 2025.
Hi Rob,
Unfortunately, as soon as I remove the 'forwarders' in any of my named servers,
the problem comes back. The output in my previous message was captured just a
few minutes
ago after I had disabled 'forwaders' in one of my bind servers.
Regards,
Vincent
On Thu, 1 May 2025, Rob McEwen wrote:
From vinc...@cojot.name
until a few days ago (April 28th?) when the amount of SERVFAIL started going
ballistic and started preventing the resolution of a lot of DNS names on the
internet to
the point where DNS was unusable
I strongly suspect that this was caused (even if indirectly?) by the MASSIVE
and many-hours-long power outages in Europe, mainly in Spain and Portugal. That
started
on April 28,
2025, at approximately 6:33 a.m. Eastern Time (ET) - and the majority of it
lasted almot 24 hours.
https://www.france24.com/en/europe/20250430-what-we-know-so-far-about-the-massive-blackout-that-hit-spain-and-portugal
Hopefully, you're not seeing any more of these errors now?
Rob McEwen, invaluement
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
