Now got some more debug info, but does it help finding out why we get the server failure?

26-syyskuuta-2018 15.46.33.999 client @0000024562471630 62.142.220.9#8179 (1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com): query failed (SERVFAIL) for 1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692

26-syyskuuta-2018 15.46.33.999 client @0000024561EFABC0 62.142.220.9#37637 (1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com): query failed (SERVFAIL) for 1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692

26-syyskuuta-2018 15.46.33.999 fetch completed at ..\resolver.c:4175 for 1d427bf569fa3b25355a5944e82b5e23.smg.ultra.brightmail.com/TXT in 10.014952: timed out/success [domain:smg.ultra.brightmail.com,referral:2,restart:2,qrysent:7,timeout:6,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]

26-syyskuuta-2018 15.46.33.999 fetch completed at ..\resolver.c:4175 for 31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com/TXT in 10.014952: timed out/success [domain:smg.ultra.brightmail.com,referral:2,restart:2,qrysent:7,timeout:6,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]

26-syyskuuta-2018 15.46.33.999 client @0000024562641060 62.142.220.9#63769 (31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com): query failed (SERVFAIL) for 31b126c2f9ec0fb531fb6f408760df5c.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692
...

Jukka

From: bind-users [mailto:bind-users-***@lists.isc.org] On Behalf Of Jukka Pakkanen
Sent: keskiviikko 26. syyskuuta 2018 11.55
To: bind-***@lists.isc.org
Subject: RE: BIND DNS problem (?)

Started logging named now, but don't see much debug information with these logging settings:

logging {
category lame-servers { null; };
category edns-disabled { null; };
category security { security_file; };
category queries { queries_file; };
category resolver { resolver_file; };
category query-errors { query-errors_file; };

channel query-errors_file {
file "d:/logs/named/query-errors.log" versions 3 size 5m;
severity debug;
print-time yes;
};

channel queries_file {
file "d:/logs/named/queries.log" versions 3 size 5m;
severity debug;
print-time yes;
};

channel resolver_file {
file "d:/logs/named/resolver.log" versions 3 size 5m;
severity debug;
print-time yes;
};

channel security_file {
file "d:/logs/named/security.log" versions 3 size 5m;
severity debug;
print-time yes;
};

};


Query-errors:

26-syyskuuta-2018 12.00.59.794 client @000001F5160E7150 62.142.220.9#28667 (73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed (SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @000001F516751E40 62.142.220.9#48236 (6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com): query failed (SERVFAIL) for 6680545bc0584602c24adc8dd123f0b5.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692
26-syyskuuta-2018 12.00.59.794 client @000001F51768CA50 62.142.220.9#47990 (73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com): query failed (SERVFAIL) for 73cb7fd0d8c8b44cd6e741d6eed0e612.smg.ultra.brightmail.com/IN/TXT at ..\query.c:10692
...

From: bind-users [mailto:bind-users-***@lists.isc.org] On Behalf Of Jukka Pakkanen
Sent: Wednesday, September 26, 2018 2:46 AM
To: bind-***@lists.isc.org<mailto:bind-***@lists.isc.org>
Subject: BIND DNS problem (?)

We are running a couple of Symantec SMG servers, and their DNS clients are configured to use your BIND 9.12.2 DNS servers.

In both SMG servers we get the same DNS "server failure" error from all our DNS servers when they do some TXT queries to SMG:

http://www.qnet.fi/jp/dns.png

(sorry for the bad quality/format, hope you can zoom in. That's all I got from Symantec when contacting their support, and they claim the problem is in our DNS servers because of the "server failure" error).

Anyway, I suppose the problem is related to these, in the response:

....
Answer authenticated: Answer/authority portion was not authenticated by the server
Non-authenticated data: Unacceptable
....

Sooo, any ideas what does this mean, is the problem in out BIND servers, or in the other end?

Jukka