Discussion:
Timeout and SERVFAIL
Alex
2018-05-29 20:53:02 UTC
Hi,

I have a few Fedora 25 systems with bind-9.11 set up for a few domains.
One system is master with the other two configured as slaves. The
master and one of the slaves are on one network while the other slave
is on a totally different network.

Last week the network with the master and one of the slaves went down
for an extended period. Requests appeared to still be served by the
second slave on the totally different network.

At least for a while. It appeared once the negative cache expired
after 24h, requests to the domain just resulted in SERVFAIL.

@ IN SOA ns.example.com. admin.ns.example.com. (
2018041703 ;serial (yyyymmddxx)
3h ;refresh every 3 hr
1h ;retry every 1 hr
7d ;expire in 7 days
1d ) ;negative cache minimum ttl 1 day

How can I configure the name servers so failure of one or two doesn't
impact the third?

In the time leading up to the cache expiring, were other requests
being rejected due to the two nameservers for that zone being
unreachable?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Matus UHLAR - fantomas
2018-05-30 07:24:46 UTC
Post by Alex
I have a few Fedora 25 systems with bind-9.11 set up for a few domains.
One system is master with the other two configured as slaves. The
master and one of the slaves are on one network while the other slave
is on a totally different network.
Last week the network with the master and one of the slaves went down
for an extended period. Requests appeared to still be served by the
second slave on the totally different network.
At least for a while. It appeared once the negative cache expired
after 24h, requests to the domain just resulted in SERVFAIL.
@ IN SOA ns.example.com. admin.ns.example.com. (
2018041703 ;serial (yyyymmddxx)
3h ;refresh every 3 hr
1h ;retry every 1 hr
7d ;expire in 7 days
1d ) ;negative cache minimum ttl 1 day

I guess that the "extended period" was over 7 days, which is the "expire"
TTL. After this time, the zone on the slave expired and the slave stopped
providing it, returning SERVFAIL.

Use longer expire times if you expect to experience this kind of problem
more often.
Post by Alex
How can I configure the name servers so failure of one or two doesn't
impact the third?

Or use a multiple-master setup and distribute the zone differently than using
the DNS mechanism.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
It's now safe to throw off your computer.
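
The expire-timer behaviour described in this reply, as an added example that is not part of the original thread: it parses the SOA record quoted above and reports what a secondary does after a given time without reaching its master. The function names and the outage lengths are assumptions made for illustration, and the outage is measured from the secondary's last successful refresh.

```python
import re

# BIND zone-file duration suffixes; a bare number is already seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# The SOA record quoted in the thread.
SOA_TEXT = """\
@ IN SOA ns.example.com. admin.ns.example.com. (
2018041703 ;serial (yyyymmddxx)
3h ;refresh every 3 hr
1h ;retry every 1 hr
7d ;expire in 7 days
1d ) ;negative cache minimum ttl 1 day
"""

def ttl_seconds(value):
    """Convert a duration such as '3h', '7d' or '1h30m' to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad duration: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(text):
    """Return the serial and the four SOA timers (in seconds)."""
    body = re.sub(r";[^\n]*", "", text)  # drop zone-file comments first
    fields = body[body.index("(") + 1 : body.index(")")].split()
    serial, refresh, retry, expire, minimum = fields
    timers = {"refresh": refresh, "retry": retry,
              "expire": expire, "minimum": minimum}
    return {"serial": int(serial),
            **{k: ttl_seconds(v) for k, v in timers.items()}}

def secondary_state(soa, outage_seconds):
    """State of a secondary that last reached its master outage_seconds ago."""
    remaining = soa["expire"] - outage_seconds
    if remaining <= 0:
        return "expired", 0           # zone no longer served: SERVFAIL
    if outage_seconds >= soa["refresh"]:
        return "retrying", remaining  # refresh overdue, retried every soa["retry"]
    return "fresh", remaining

if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT)
    for days in (0.1, 1, 6, 8):       # constructed outage lengths
        print(days, "days:", secondary_state(soa, int(days * 86400)))
```

The second value returned is the number of seconds left before the secondary stops answering for the zone, which is the figure worth alerting on during a master outage.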
Barry Margolin
2018-05-30 15:25:19 UTC
Post by Matus UHLAR - fantomas
Use longer expire times if you expect to experience this kind of problem
more often.
Who EXPECTS to be down longer than a week? :)
--
Barry Margolin
Arlington, MA