Brian J. Murrell wrote:
>
> that demonstrates how BIND is getting .com referrals from the root
> servers when doing a query for www.google.com and then doing nothing
> with those referrals before returning a SERVFAIL.
That indicates that it has already marked the servers as lame, so the
packet tr
On Mon, 2018-01-22 at 12:04 +, Tony Finch wrote:
>
> That indicates that it has already marked the servers as lame, so the
> packet trace isn't going to tell you what caused the lameness.
OK.
> The thing to look out for is the minutes before the outage starts -
> see
> what kind of failures
Brian J. Murrell wrote:
>
> What do EDNS problem messages look like? Just something to grep for I
> mean.
They'll have a log category of edns-disabled. But, looking through the
code, if this is leading to lameness you will also get lame-servers log
messages.
> > or lame-servers complaints
lame
Hi List,
I setup a response-policy zone to override some Records from external
DNS-Servers I can't control.
My db.rpz Zonefile:
$TTL 4H
@ IN SOA localhost. kai.mydomain.com. (
2018012212 ; serial
5M ; refres
On Mon, 2018-01-22 at 12:45 +, Tony Finch wrote:
>
> They'll have a log category of edns-disabled.
But if the problem were EDNS, would it be so intermittent and always
fixable by rndc reload?
> But, looking through the
> code, if this is leading to lameness you will also get lame-servers
> l
On Mon, 2018-01-22 at 12:04 +, Tony Finch wrote:
>
> The thing to look out for is the minutes before the outage starts -
> see
> what kind of failures you get.
So, taking this approach, looking for the first occurrence of just any
one of the names ns[1-4].google.com prior to the A/ querie
I've informed the selective service (sss.gov) of the issue. They have
supposedly passed it on to their "web support group". We will see if
anything happens but I'm not holding my breath. At least a government
agency should have more influence to get qwest to fix their servers than
I do.
Timothy
Brian J. Murrell wrote:
>
> Yeah. Must be disabled by default on EL7 I would guess, just because
> it's so noisy.
You should make sure it is enabled, because there are vital clues in those
log lines :-) Other categories you should check are `edns-disabled` (which
I already mentioned) and `resolv
Hey Kai,
> If I do a nslookup for one of the otto.de domains I reveive "** server
> can't find somehost.ov.otto.de: SERVFAIL"
The guideline behind the response-policy is that only an actual response gets
rewritten.
This is usually an answer from a recursive lookup.
If you don't get an answer, th
Unrelated to the DNS bit, but still silly / annoying:
http://www.sss.gov works OK, but http://sss.gov always seems to return
"The requested service is temporarily unavailable. It is either
overloaded or under maintenance. Please try later.".
There is a fair bit os disagreement over if a bare doma
On 01/22/2018 09:21 AM, Warren Kumari wrote:
http://www.sss.gov works OK, but http://sss.gov always seems to return
"The requested service is temporarily unavailable. It is either overloaded
or under maintenance. Please try later.".
Inconsistency between related things is annoying.
I guess pr
On Mon, 2018-01-22 at 16:10 +, Tony Finch wrote:
>
> You should make sure it is enabled, because there are vital clues in
> those
> log lines :-)
But they will only occur if there is some lameness with the ns[1-
4].google.com records and that will already be reported with lame:n in
the "fetch
12 matches
Mail list logo
