On 14/09/18 03:39, Alex wrote: > Hi, > > On Thu, Sep 13, 2018 at 7:56 PM Wietse Venema <wie...@porcupine.org> wrote: >> Alex: >>> Domain Name System (response) >>> Transaction ID: 0xded6 >>> Flags: 0x8182 Standard query response, Server failure >>> 1... .... .... .... = Response: Message is a response >>> .000 0... .... .... = Opcode: Standard query (0) >>> .... .0.. .... .... = Authoritative: Server is not an >>> authority for domain >>> .... ..0. .... .... = Truncated: Message is not truncated >>> .... ...1 .... .... = Recursion desired: Do query recursively >>> .... .... 1... .... = Recursion available: Server can do >>> recursive queries >>> .... .... .0.. .... = Z: reserved (0) >>> .... .... ..0. .... = Answer authenticated: Answer/authority >>> portion was not authenticated by the server >>> .... .... ...0 .... = Non-authenticated data: Unacceptable >>> .... .... .... 0010 = Reply code: Server failure (2) >> The REMOTE DNS server returns an error. Ask THEM why they do that. >> Maybe you're exceeding the request quota; if so, pay them more. > No, I should have mentioned that it doesn't always fail, and mailspike > (in this case) doesn't have a quota. It also fails for my registered > barracuda and other RBLs we pay for. > > It failed about a thousand times over the course of the day, while at > least tens of thousands of queries with the same config have > succeeded. > > Other ideas greatly appreciated. > In another email you mentioned that you have a business class cable modem. In the past I have seen intermittent dns failures caused by security features that block udp and tcp floods. If the modem (or any router in between the modem and your server) has such a feature and the configured values of allowed packet rate are set too low there will be sporadic dropped dns answer packets during times of peak dns queries.
Other than that, given that it is your local resolver that is providing the failure response you might look into potential debugging and logging features on that software. John
