BIND9 DNS SERVER - Lots of failed queries with SERVFAIL and EDNS references
The issue is positively fixed. I created a GitHub repo where I added all relevant named config files as well as logs for comparison between the broken and working config versions of my named server. Ultimately I can't really pinpoint the issue but it could have potentially been a misconfiguration of my forward and reverse zones. In my forward zone where declaring the NS record I added the domain like so
muncic.local. IN NS nas.muncic.local.
instead of
    IN NS nas.muncic.local.
In my reverse zone I spotted a PTR record that wasn't using the correct value
35 IN PTR 35.0.1.168.192.muncic.local.
instead of
35 IN PTR nas
I also did various changes to my named.conf binding named to my 2nd wired interface enp6s0 running on 192.168.1.33.
This was my journalctl output for named before and after the fix for about roughly 24 hours each:
$ journalctl -u named --since="2017-02-12" --until="2017-02-13" | grep SERVFAIL -c
67
$ journalctl -u named --since="2017-02-14" | grep SERVFAIL -c
0
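A forward/reverse mismatch like the one described in this answer can be checked mechanically. The Python script below is an added example, not code from the original post or from BIND: it compares every PTR record of a reverse zone with the A records of the forward zone, completing relative names with the zone origin as zone-file syntax specifies. The parser is simplified, the function names are this example's own, and the sample zones are constructed, abridged from the ones on this page.

```python
# Constructed sample zones, abridged from the ones shown on this page.
FORWARD_ZONE = """\
$TTL 3D
@ IN SOA nas.muncic.local. root.muncic.local. ( 2017020201 ; serial number
        16384 2048 1048576 2560 )
nas IN A 192.168.1.35
router IN A 192.168.1.1
s7e IN A 192.168.1.10
"""
REVERSE_ZONE = """\
@ IN SOA nas.muncic.local. root.muncic.local. ( 2017020201 16384 2048 1048576 2560 )
        IN NS nas.muncic.local.
1 IN PTR router
10 IN PTR s7e.muncic.local.
35 IN PTR 35.0.1.168.192.muncic.local.
"""
ARPA = ".in-addr.arpa."

def qualify(name, origin):
    """Complete a relative name with the zone origin, as zone-file syntax requires."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Simplified parser (assumption): one 'owner [IN] TYPE rdata' per line, no TTL field."""
    records, owner, in_soa = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith("$"):  # blank line or directive
            continue
        if in_soa:                                    # inside a multi-line SOA
            in_soa = ")" not in line
            continue
        fields = line.split()
        if not line[0].isspace():                     # a blank owner inherits the last one
            first = fields.pop(0)
            owner = origin if first == "@" else qualify(first, origin)
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields[0].upper()
        if rtype == "SOA":
            in_soa = "(" in line and ")" not in line
        elif rtype in ("A", "PTR"):
            rdata = fields[1] if rtype == "A" else qualify(fields[1], origin)
            records.append((owner, rtype, rdata))
    return records

def check_reverse(forward_text, f_origin, reverse_text, r_origin):
    """Return (ip, ptr_target, problem) per unconfirmed PTR; origins end with a dot."""
    a_records = {(o, d) for o, t, d in parse_zone(forward_text, f_origin) if t == "A"}
    names = {o for o, _ in a_records}
    findings = []
    for owner, rtype, target in parse_zone(reverse_text, r_origin):
        if rtype != "PTR" or not owner.endswith(ARPA):
            continue
        # 35.1.168.192.in-addr.arpa. -> 192.168.1.35
        ip = ".".join(reversed(owner[:-len(ARPA)].split(".")))
        if not target.endswith("." + f_origin):
            problem = "target is not in the forward zone"
        elif target not in names:
            problem = "target has no A record"
        elif (target, ip) not in a_records:
            problem = "A record points to another address"
        else:
            continue
        findings.append((ip, target, problem))
    return findings

if __name__ == "__main__":
    print(*check_reverse(FORWARD_ZONE, "muncic.local.", REVERSE_ZONE, "1.168.192.in-addr.arpa."), sep="\n")
```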
Sven M.
Updated on September 18, 2022
Comments
-
Sven M. over 1 year
I am running my own BIND9 server which is running on an Arch Linux in my local network. Since running the server I started getting various errors in my browser (Chrome on Android 6). These errors usually appear all at once in a row:
- dns probe bad
- err_name_not_resolved
- err_timed_out (Update IV)
The issue resolves itself after some 30 seconds by just clicking through the error message trying to reload the page. My logs are not showing any suspicious entries (journalctl -r -u named). I posted my bind9 config along with the relevant/running zones below. Are there any obvious issues anybody could maybe point out? I am happy to produce more config/log files as required or run any tests. I should maybe also mention that I have set up a DHCP server on the same machine. That box in addition is also hosting a Windows Server 2016 guest with libvirt in KVM with a QEMU hypervisor. I have the output of ip addr show attached below.
Update I: After checking my dns server log again there are actually a number of failed queries. Analysing right now. Log is attached at the very bottom. Thankful for any pointers. Thanks! (not a sys admin by day rather than a software developer so this is really not my domain of expertise so to say)
Update II: Possibly solved my issue by explicitly setting the address to listen on. In this case:
listen-on { 192.168.1.35; };
(in /etc/named.conf). Will monitor the log and ultimately confirm within the next 24hrs.
Update III: Still receiving servfail errors in my dns server log but since explicitly setting the ip address to listen on I have not received any errors in my browser on this device yet and I also feel query performance has increased. The latter of course is highly subjective. The servfail error points to a C file query.c at line 8298. I am also looking into the bind9 parameter edns-udp-size in connection with my router/internet modem. I once flashed a Telekom Speedport W920V into an AVM FritzBox 7570 vDSL which I still use as my vDSL modem/router. Still very much hoping for some pointers. Cheers.
Update IV: Added additional browser error as per above. Also as mentioned in UIII I am looking into the parameter EDNS-UDP-SIZE due to the following log entries:
Feb 07 19:05:01 nas named[10928]: success resolving 'clients4.google.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 07 19:04:54 nas named[10928]: client @0x7f7a18204640 192.168.1.31#14927 (clients4.google.com): query: clients4.google.com IN A + (192.168.1.35)
Output of ip addr show:
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether e0:cb:4e:42:ee:e3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8259:5b3a:8510:f42/64 scope link
       valid_lft forever preferred_lft forever
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 68:05:ca:4a:82:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.33/24 brd 192.168.1.255 scope global enp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::510b:e84e:e0ec:5736/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:d4:72:9d:eb:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.35/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet 192.168.1.115/24 brd 192.168.1.255 scope global secondary br0
       valid_lft forever preferred_lft forever
    inet6 fe80::a9ed:5871:8928:e54c/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::50d4:72ff:fe9d:ebd7/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:4c:bf:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:4c:bf:cc brd ff:ff:ff:ff:ff:ff
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:78:91:29 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::18cc:6a42:e2b9:6fe4/64 scope link
       valid_lft forever preferred_lft forever
This is my bind9 config:
acl allowedclients {
    192.168.1.0/24;
    localhost;
    127.0.0.1;
};

options {
    directory "/var/named";
    pid-file "/run/named/named.pid";
    recursion yes;
    allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    allow-query { allowedclients; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { any; };
};

# Use with the following in named.conf, adjusting the allow list as needed:
include "/etc/rndc.key";
# controls { inet 127.0.0.1 port 8222 allow { 127.0.0.1; } keys { "rndc-key"; }; };

zone "localhost" in {
    type master;
    file "/var/named/localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "/var/named/127.0.0.zone";
};

zone "muncic.local" in {
    type master;
    file "/var/named/muncic.local.zone";
};

zone "1.168.192.in-addr.arpa" in {
    type master;
    notify no;
    file "/var/named/192.168.1.zone";
};
Here is my forward zone:
$TTL 3D ; default ttl for records without a specified lifetime
;$ORIGIN muncic.local.
@ IN SOA nas.muncic.local. root.muncic.local. (
    2017020201 ; serial number
    16384 ; ns refresh
    2048 ; ns retry
    1048576 ; authority expiry
    2560 ); min (RFC2308 §4)
muncic.local. IN NS nas.muncic.local.
    IN NS google-public-dns-a.google.com.
;nas IN MX 192.168.1.35
muncic.local. IN A 192.168.1.35
nas IN A 192.168.1.35
a.mx IN A 192.168.1.35
0.0.1.168.192 IN A 192.168.1.0
router IN A 192.168.1.1
2.0.1.168.192 IN A 192.168.1.2
3.0.1.168.192 IN A 192.168.1.3
4.0.1.168.192 IN A 192.168.1.4
5.0.1.168.192 IN A 192.168.1.5
6.0.1.168.192 IN A 192.168.1.6
7.0.1.168.192 IN A 192.168.1.7
8.0.1.168.192 IN A 192.168.1.8
9.0.1.168.192 IN A 192.168.1.9
s7e IN A 192.168.1.10
11.0.1.168.192 IN A 192.168.1.11
winsrv16 IN A 192.168.1.12
13.0.1.168.192 IN A 192.168.1.13
14.0.1.168.192 IN A 192.168.1.14
15.0.1.168.192 IN A 192.168.1.15
16.0.1.168.192 IN A 192.168.1.16
17.0.1.168.192 IN A 192.168.1.17
18.0.1.168.192 IN A 192.168.1.18
19.0.1.168.192 IN A 192.168.1.19
20.0.1.168.192 IN A 192.168.1.20
21.0.1.168.192 IN A 192.168.1.21
22.0.1.168.192 IN A 192.168.1.22
23.0.1.168.192 IN A 192.168.1.23
htpc IN A 192.168.1.24
main IN A 192.168.1.25
26.0.1.168.192 IN A 192.168.1.26
27.0.1.168.192 IN A 192.168.1.27
28.0.1.168.192 IN A 192.168.1.28
29.0.1.168.192 IN A 192.168.1.29
30.0.1.168.192 IN A 192.168.1.30
s2 IN A 192.168.1.31
32.0.1.168.192 IN A 192.168.1.32
33.0.1.168.192 IN A 192.168.1.33
34.0.1.168.192 IN A 192.168.1.34
nas IN A 192.168.1.35
36.0.1.168.192 IN A 192.168.1.36
37.0.1.168.192 IN A 192.168.1.37
38.0.1.168.192 IN A 192.168.1.38
39.0.1.168.192 IN A 192.168.1.39
40.0.1.168.192 IN A 192.168.1.40
41.0.1.168.192 IN A 192.168.1.41
42.0.1.168.192 IN A 192.168.1.42
43.0.1.168.192 IN A 192.168.1.43
44.0.1.168.192 IN A 192.168.1.44
45.0.1.168.192 IN A 192.168.1.45
46.0.1.168.192 IN A 192.168.1.46
47.0.1.168.192 IN A 192.168.1.47
48.0.1.168.192 IN A 192.168.1.48
49.0.1.168.192 IN A 192.168.1.49
50.0.1.168.192 IN A 192.168.1.50
51.0.1.168.192 IN A 192.168.1.51
52.0.1.168.192 IN A 192.168.1.52
53.0.1.168.192 IN A 192.168.1.53
54.0.1.168.192 IN A 192.168.1.54
55.0.1.168.192 IN A 192.168.1.55
56.0.1.168.192 IN A 192.168.1.56
57.0.1.168.192 IN A 192.168.1.57
58.0.1.168.192 IN A 192.168.1.58
59.0.1.168.192 IN A 192.168.1.59
60.0.1.168.192 IN A 192.168.1.60
61.0.1.168.192 IN A 192.168.1.61
62.0.1.168.192 IN A 192.168.1.62
63.0.1.168.192 IN A 192.168.1.63
64.0.1.168.192 IN A 192.168.1.64
65.0.1.168.192 IN A 192.168.1.65
66.0.1.168.192 IN A 192.168.1.66
67.0.1.168.192 IN A 192.168.1.67
68.0.1.168.192 IN A 192.168.1.68
69.0.1.168.192 IN A 192.168.1.69
70.0.1.168.192 IN A 192.168.1.70
71.0.1.168.192 IN A 192.168.1.71
72.0.1.168.192 IN A 192.168.1.72
73.0.1.168.192 IN A 192.168.1.73
74.0.1.168.192 IN A 192.168.1.74
75.0.1.168.192 IN A 192.168.1.75
76.0.1.168.192 IN A 192.168.1.76
77.0.1.168.192 IN A 192.168.1.77
78.0.1.168.192 IN A 192.168.1.78
79.0.1.168.192 IN A 192.168.1.79
80.0.1.168.192 IN A 192.168.1.80
81.0.1.168.192 IN A 192.168.1.81
82.0.1.168.192 IN A 192.168.1.82
83.0.1.168.192 IN A 192.168.1.83
84.0.1.168.192 IN A 192.168.1.84
85.0.1.168.192 IN A 192.168.1.85
86.0.1.168.192 IN A 192.168.1.86
87.0.1.168.192 IN A 192.168.1.87
88.0.1.168.192 IN A 192.168.1.88
89.0.1.168.192 IN A 192.168.1.89
90.0.1.168.192 IN A 192.168.1.90
91.0.1.168.192 IN A 192.168.1.91
92.0.1.168.192 IN A 192.168.1.92
93.0.1.168.192 IN A 192.168.1.93
94.0.1.168.192 IN A 192.168.1.94
95.0.1.168.192 IN A 192.168.1.95
96.0.1.168.192 IN A 192.168.1.96
97.0.1.168.192 IN A 192.168.1.97
98.0.1.168.192 IN A 192.168.1.98
99.0.1.168.192 IN A 192.168.1.99
100.0.1.168.192 IN A 192.168.1.100
101.0.1.168.192 IN A 192.168.1.101
102.0.1.168.192 IN A 192.168.1.102
103.0.1.168.192 IN A 192.168.1.103
104.0.1.168.192 IN A 192.168.1.104
105.0.1.168.192 IN A 192.168.1.105
106.0.1.168.192 IN A 192.168.1.106
107.0.1.168.192 IN A 192.168.1.107
108.0.1.168.192 IN A 192.168.1.108
109.0.1.168.192 IN A 192.168.1.109
110.0.1.168.192 IN A 192.168.1.110
111.0.1.168.192 IN A 192.168.1.111
112.0.1.168.192 IN A 192.168.1.112
113.0.1.168.192 IN A 192.168.1.113
114.0.1.168.192 IN A 192.168.1.114
115.0.1.168.192 IN A 192.168.1.115
116.0.1.168.192 IN A 192.168.1.116
117.0.1.168.192 IN A 192.168.1.117
118.0.1.168.192 IN A 192.168.1.118
119.0.1.168.192 IN A 192.168.1.119
120.0.1.168.192 IN A 192.168.1.120
121.0.1.168.192 IN A 192.168.1.121
122.0.1.168.192 IN A 192.168.1.122
123.0.1.168.192 IN A 192.168.1.123
124.0.1.168.192 IN A 192.168.1.124
125.0.1.168.192 IN A 192.168.1.125
126.0.1.168.192 IN A 192.168.1.126
127.0.1.168.192 IN A 192.168.1.127
t813n IN CNAME s2.muncic.local.
g935f IN CNAME s7e.muncic.local.
jira IN CNAME winsrv16.muncic.local.
www IN CNAME muncic.local.
And this would be my reverse zone:
$TTL 3D ; default ttl for records without a specified lifetime
;$ORIGIN 0.1.168.192.in-addr.arpa.
@ IN SOA nas.muncic.local. root.muncic.local. (
    2017020201 ; serial number
    16384 ; ns refresh
    2048 ; ns retry
    1048576 ; authority expiry
    2560 ); min (RFC2308 §4)
    IN NS nas.muncic.local.
    IN NS google-public-dns-a.google.com.
35 IN PTR a.mx.muncic.local.
0 IN PTR 0.0.1.168.192.muncic.local.
1 IN PTR router
2 IN PTR 2.0.1.168.192.muncic.local.
3 IN PTR 3.0.1.168.192.muncic.local.
4 IN PTR 4.0.1.168.192.muncic.local.
5 IN PTR 5.0.1.168.192.muncic.local.
6 IN PTR 6.0.1.168.192.muncic.local.
7 IN PTR 7.0.1.168.192.muncic.local.
8 IN PTR 8.0.1.168.192.muncic.local.
9 IN PTR 9.0.1.168.192.muncic.local.
10 IN PTR s7e
11 IN PTR 11.0.1.168.192.muncic.local.
12 IN PTR winsrv16
13 IN PTR 13.0.1.168.192.muncic.local.
14 IN PTR 14.0.1.168.192.muncic.local.
15 IN PTR 15.0.1.168.192.muncic.local.
16 IN PTR 16.0.1.168.192.muncic.local.
17 IN PTR 17.0.1.168.192.muncic.local.
18 IN PTR 18.0.1.168.192.muncic.local.
19 IN PTR 19.0.1.168.192.muncic.local.
20 IN PTR 20.0.1.168.192.muncic.local.
21 IN PTR 21.0.1.168.192.muncic.local.
22 IN PTR 22.0.1.168.192.muncic.local.
23 IN PTR 23.0.1.168.192.muncic.local.
24 IN PTR htpc
25 IN PTR main
26 IN PTR 26.0.1.168.192.muncic.local.
27 IN PTR 27.0.1.168.192.muncic.local.
28 IN PTR 28.0.1.168.192.muncic.local.
29 IN PTR 29.0.1.168.192.muncic.local.
30 IN PTR 30.0.1.168.192.muncic.local.
31 IN PTR s2
32 IN PTR 32.0.1.168.192.muncic.local.
33 IN PTR 33.0.1.168.192.muncic.local.
34 IN PTR 34.0.1.168.192.muncic.local.
35 IN PTR 35.0.1.168.192.muncic.local.
36 IN PTR 36.0.1.168.192.muncic.local.
37 IN PTR 37.0.1.168.192.muncic.local.
38 IN PTR 38.0.1.168.192.muncic.local.
39 IN PTR 39.0.1.168.192.muncic.local.
40 IN PTR 40.0.1.168.192.muncic.local.
41 IN PTR 41.0.1.168.192.muncic.local.
42 IN PTR 42.0.1.168.192.muncic.local.
43 IN PTR 43.0.1.168.192.muncic.local.
44 IN PTR 44.0.1.168.192.muncic.local.
45 IN PTR 45.0.1.168.192.muncic.local.
46 IN PTR 46.0.1.168.192.muncic.local.
47 IN PTR 47.0.1.168.192.muncic.local.
48 IN PTR 48.0.1.168.192.muncic.local.
49 IN PTR 49.0.1.168.192.muncic.local.
50 IN PTR 50.0.1.168.192.muncic.local.
51 IN PTR 51.0.1.168.192.muncic.local.
52 IN PTR 52.0.1.168.192.muncic.local.
53 IN PTR 53.0.1.168.192.muncic.local.
54 IN PTR 54.0.1.168.192.muncic.local.
55 IN PTR 55.0.1.168.192.muncic.local.
56 IN PTR 56.0.1.168.192.muncic.local.
57 IN PTR 57.0.1.168.192.muncic.local.
58 IN PTR 58.0.1.168.192.muncic.local.
59 IN PTR 59.0.1.168.192.muncic.local.
60 IN PTR 60.0.1.168.192.muncic.local.
61 IN PTR 61.0.1.168.192.muncic.local.
62 IN PTR 62.0.1.168.192.muncic.local.
63 IN PTR 63.0.1.168.192.muncic.local.
64 IN PTR 64.0.1.168.192.muncic.local.
65 IN PTR 65.0.1.168.192.muncic.local.
66 IN PTR 66.0.1.168.192.muncic.local.
67 IN PTR 67.0.1.168.192.muncic.local.
68 IN PTR 68.0.1.168.192.muncic.local.
69 IN PTR 69.0.1.168.192.muncic.local.
70 IN PTR 70.0.1.168.192.muncic.local.
71 IN PTR 71.0.1.168.192.muncic.local.
72 IN PTR 72.0.1.168.192.muncic.local.
73 IN PTR 73.0.1.168.192.muncic.local.
74 IN PTR 74.0.1.168.192.muncic.local.
75 IN PTR 75.0.1.168.192.muncic.local.
76 IN PTR 76.0.1.168.192.muncic.local.
77 IN PTR 77.0.1.168.192.muncic.local.
78 IN PTR 78.0.1.168.192.muncic.local.
79 IN PTR 79.0.1.168.192.muncic.local.
80 IN PTR 80.0.1.168.192.muncic.local.
81 IN PTR 81.0.1.168.192.muncic.local.
82 IN PTR 82.0.1.168.192.muncic.local.
83 IN PTR 83.0.1.168.192.muncic.local.
84 IN PTR 84.0.1.168.192.muncic.local.
85 IN PTR 85.0.1.168.192.muncic.local.
86 IN PTR 86.0.1.168.192.muncic.local.
87 IN PTR 87.0.1.168.192.muncic.local.
88 IN PTR 88.0.1.168.192.muncic.local.
89 IN PTR 89.0.1.168.192.muncic.local.
90 IN PTR 90.0.1.168.192.muncic.local.
91 IN PTR 91.0.1.168.192.muncic.local.
92 IN PTR 92.0.1.168.192.muncic.local.
93 IN PTR 93.0.1.168.192.muncic.local.
94 IN PTR 94.0.1.168.192.muncic.local.
95 IN PTR 95.0.1.168.192.muncic.local.
96 IN PTR 96.0.1.168.192.muncic.local.
97 IN PTR 97.0.1.168.192.muncic.local.
98 IN PTR 98.0.1.168.192.muncic.local.
99 IN PTR 99.0.1.168.192.muncic.local.
100 IN PTR 100.0.1.168.192.muncic.local.
101 IN PTR 101.0.1.168.192.muncic.local.
102 IN PTR 102.0.1.168.192.muncic.local.
103 IN PTR 103.0.1.168.192.muncic.local.
104 IN PTR 104.0.1.168.192.muncic.local.
105 IN PTR 105.0.1.168.192.muncic.local.
106 IN PTR 106.0.1.168.192.muncic.local.
107 IN PTR 107.0.1.168.192.muncic.local.
108 IN PTR 108.0.1.168.192.muncic.local.
109 IN PTR 109.0.1.168.192.muncic.local.
110 IN PTR 110.0.1.168.192.muncic.local.
111 IN PTR 111.0.1.168.192.muncic.local.
112 IN PTR 112.0.1.168.192.muncic.local.
113 IN PTR 113.0.1.168.192.muncic.local.
114 IN PTR 114.0.1.168.192.muncic.local.
115 IN PTR 115.0.1.168.192.muncic.local.
116 IN PTR 116.0.1.168.192.muncic.local.
117 IN PTR 117.0.1.168.192.muncic.local.
118 IN PTR 118.0.1.168.192.muncic.local.
119 IN PTR 119.0.1.168.192.muncic.local.
120 IN PTR 120.0.1.168.192.muncic.local.
121 IN PTR 121.0.1.168.192.muncic.local.
122 IN PTR 122.0.1.168.192.muncic.local.
123 IN PTR 123.0.1.168.192.muncic.local.
124 IN PTR 124.0.1.168.192.muncic.local.
125 IN PTR 125.0.1.168.192.muncic.local.
126 IN PTR 126.0.1.168.192.muncic.local.
127 IN PTR 127.0.1.168.192.muncic.local.
Output of journalctl like so (full log):
$ journalctl -r -u named --since="2017-02-06 21:23:20" | grep 192.168.1.31
Feb 06 21:23:53 nas named[13865]: client @0x7f2a5419f1c0 192.168.1.31#12998 (www.jspell.com): query: www.jspell.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#12998 (www.jspell.com): query: www.jspell.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#1803 (www.gstatic.com.muncic.local): query: www.gstatic.com.muncic.local IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4400de10 192.168.1.31#5616 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4400de10 192.168.1.31#5616 (www.gstatic.com): query: www.gstatic.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a3c10fd90 192.168.1.31#22885 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54d09360 192.168.1.31#9720 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#9195 (cdnjs.cloudflare.com): query failed (SERVFAIL) for cdnjs.cloudflare.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#9195 (cdnjs.cloudflare.com): query: cdnjs.cloudflare.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#15094 (cdnjs.cloudflare.com): query failed (SERVFAIL) for cdnjs.cloudflare.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#15094 (cdnjs.cloudflare.com): query: cdnjs.cloudflare.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#11314 (www.google.de): query failed (SERVFAIL) for www.google.de/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#11314 (www.google.de): query: www.google.de IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54173d80 192.168.1.31#26564 (cdnjs.cloudflare.com): query failed (SERVFAIL) for cdnjs.cloudflare.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a40013ed0 192.168.1.31#29727 (www.google.de): query failed (SERVFAIL) for www.google.de/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54da5e20 192.168.1.31#28030 (www.google.de): query failed (SERVFAIL) for www.google.de/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#31811 (azurecomcdn.azureedge.net): query failed (SERVFAIL) for azurecomcdn.azureedge.net/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54a3f1b0 192.168.1.31#15173 (maxcdn.bootstrapcdn.com): query failed (SERVFAIL) for maxcdn.bootstrapcdn.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38024500 192.168.1.31#31811 (azurecomcdn.azureedge.net): query: azurecomcdn.azureedge.net IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54a3f1b0 192.168.1.31#15173 (maxcdn.bootstrapcdn.com): query: maxcdn.bootstrapcdn.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38023a80 192.168.1.31#28154 (id.google.de): query: id.google.de IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38023a80 192.168.1.31#25790 (maxcdn.bootstrapcdn.com): query failed (SERVFAIL) for maxcdn.bootstrapcdn.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a3c019270 192.168.1.31#4902 (azurecomcdn.azureedge.net): query failed (SERVFAIL) for azurecomcdn.azureedge.net/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38023a80 192.168.1.31#25790 (maxcdn.bootstrapcdn.com): query: maxcdn.bootstrapcdn.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a3c019270 192.168.1.31#4902 (azurecomcdn.azureedge.net): query: azurecomcdn.azureedge.net IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a38011920 192.168.1.31#5589 (maxcdn.bootstrapcdn.com): query failed (SERVFAIL) for maxcdn.bootstrapcdn.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4c032bd0 192.168.1.31#24651 (id.google.de): query failed (SERVFAIL) for id.google.de/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4c00bb60 192.168.1.31#12649 (id.google.de): query failed (SERVFAIL) for id.google.de/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54d578c0 192.168.1.31#10242 (azurecomcdn.azureedge.net): query failed (SERVFAIL) for azurecomcdn.azureedge.net/IN/A at query.c:8298
Feb 06 21:23:44 nas named[13865]: client @0x7f2a3c10fd90 192.168.1.31#22885 (www.gstatic.com): query: www.gstatic.com IN A + (192.168.1.35)
Feb 06 21:23:44 nas named[13865]: client @0x7f2a54da5e20 192.168.1.31#28030 (www.google.de): query: www.google.de IN A + (192.168.1.35)
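A plain SERVFAIL count does not show which code location named reports or how the failures cluster in time. The Python script below is an added example, not part of the original post: it groups SERVFAIL entries by the query.c location and query name, flags seconds in which one client received a burst of failures, and lists EDNS packet-size fallbacks. The sample lines are copied from the log excerpts on this page; the function name triage and the burst threshold of 5 are this example's assumptions.

```python
import re
from collections import Counter

# Sample input: entries copied from the journal output on this page, abridged.
SAMPLE_LOG = """\
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4400de10 192.168.1.31#5616 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:6805
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4400de10 192.168.1.31#5616 (www.gstatic.com): query: www.gstatic.com IN A + (192.168.1.35)
Feb 06 21:23:48 nas named[13865]: client @0x7f2a3c10fd90 192.168.1.31#22885 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a54d09360 192.168.1.31#9720 (www.gstatic.com): query failed (SERVFAIL) for www.gstatic.com/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a40013ed0 192.168.1.31#29727 (www.google.de): query failed (SERVFAIL) for www.google.de/IN/A at query.c:8298
Feb 06 21:23:48 nas named[13865]: client @0x7f2a4c032bd0 192.168.1.31#24651 (id.google.de): query failed (SERVFAIL) for id.google.de/IN/A at query.c:8298
Feb 06 21:23:44 nas named[13865]: client @0x7f2a54da5e20 192.168.1.31#28030 (www.google.de): query: www.google.de IN A + (192.168.1.35)
Feb 07 19:05:01 nas named[10928]: success resolving 'clients4.google.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
"""

# journalctl short format: "Mon DD HH:MM:SS host named[pid]: client [@0x...] ip#port (qname): ..."
SERVFAIL_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ named\[\d+\]: client (?:@0x[0-9a-f]+ )?"
    r"(?P<client>[0-9a-f.:]+)#\d+ \((?P<qname>[^)]*)\): query failed \(SERVFAIL\) "
    r"for \S+ at (?P<where>\S+:\d+)$")
EDNS_RE = re.compile(
    r"named\[\d+\]: success resolving '(?P<qname>[^/']+)/\w+' .* after reducing "
    r"the advertised EDNS UDP packet size to (?P<size>\d+) octets")

def triage(lines, burst_threshold=5):
    """Summarise SERVFAIL and EDNS-fallback entries from named's journal output."""
    by_where, by_name, per_second, edns = Counter(), Counter(), Counter(), []
    for line in lines:
        line = line.strip()
        hit = SERVFAIL_RE.search(line)
        if hit:
            by_where[hit["where"]] += 1                    # source location named logs
            by_name[hit["qname"]] += 1
            per_second[(hit["ts"], hit["client"])] += 1    # failures per client per second
            continue
        hit = EDNS_RE.search(line)
        if hit:
            edns.append((hit["qname"], int(hit["size"])))
    bursts = sorted((ts, client, n) for (ts, client), n in per_second.items()
                    if n >= burst_threshold)
    return {"total": sum(by_where.values()), "by_where": dict(by_where),
            "by_name": dict(by_name), "bursts": bursts, "edns_fallbacks": edns}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```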
-
Admin about 7 years
Possibly solved my issue by explicitly setting the address to listen on. In this case:
listen-on { 192.168.1.35; };
Will monitor the log and ultimately confirm within the next 24hrs.
-
Admin about 7 years
Still receiving servfail errors in my dns server log but since explicitly setting the ip address to listen on I have not received any errors in my browser on this device yet and I also feel query performance has increased. The latter of course is highly subjective. The servfail error points to a C file query.c at line 8298. I am also looking into the bind9 parameter edns-udp-size in connection with my router/internet modem. I once flashed a Telekom Speedport W920V into an AVM FritzBox 7570 vDSL which I still use as my vDSL modem/router. Still very much hoping for some pointers. Cheers.
-
Admin about 7 years
I have done some more work on my named.conf and my zones. First I allowed my dns server to query itself rather than to use resolv.conf. Also I noticed in my forward zone in my NS declaration I started with muncic.local instead of leaving that out completely. Further in my reverse zone I missed to declare a PTR record for my dns server (35 PTR {..}). These are just a few of my changes. Just to be thorough I worked my dhcpd.conf over too, cleaning it up. So far no failed queries. In case this holds for the next 24hrs I will post my changes pointing out what was most likely wrong.
-
Admin about 7 years
Preliminary result:
$ journalctl -u named --since="2017-02-13 00:00" | grep -c SERVFAIL
346
$ journalctl -u named --since="2017-02-13 23:04:30" | grep -c SERVFAIL
0
$ date
Tue 14 Feb 05:40:16 CET 2017
Looking real good! Longer write-up of possible solution tonight.