Discussion:
SERVFAIL on IPv6 tunnelbroker network
Patrik
2018-07-25 05:52:30 UTC
Hello!

How are you?
I started having a problem with BIND9. Something must have changed, because
I start getting SERVFAIL a lot.
Looks like this:
25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com): view internal-enp1s0f3: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: query failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA at ../../../bin/named/query.c:6885

To me, it looks like, the requests try the AAAA ipv6 addresses but they are
not in IPv6 and because of that it gives a SERVFAIL.
Is there a way to give a priority to the BIND9 request before the IPv6 and
first try the IPv4 and if there is no IPv4 result, then try IPv6. Because
now, it gives a few SERVFAIL (I have to refresh the browser, to make it
work to get), I guess, get the IPv4 if only works after a few refreshes.
Even, if I do a dig on it it shows, there is no AAAA:
***@server:/etc/nginx/sites-enabled# dig aax-eu.amazon-adsystem.com

; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45e832118506bb5a0758eeb5b580e51c9b57c8a8d971011 (good)
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com. IN A

;; ANSWER SECTION:
aax-eu.amazon-adsystem.com. 60 IN A 52.94.216.48

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 860 IN NS ns-921.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-911.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-932.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-931.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-912.amazon.com.
aax-eu.amazon-adsystem.com. 860 IN NS ns-923.amazon.com.

;; Query time: 52 msec
;; SERVER: 192.168.78.20#53(192.168.78.20)
;; WHEN: Wed Jul 25 07:44:49 CEST 2018
;; MSG SIZE rcvd: 232

Is there any solution for this? It just started happening in the last week.

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046
Dns Admin
2018-07-25 06:04:32 UTC
Hi Patrik,

I don't see any SERVFAIL querying for this AAAA record. Maybe
your "internal-enp1s0f3" view is configured to bump this domain?

Kind Regards Peter

dig aax-eu.amazon-adsystem.com aaaa

; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com.    IN      AAAA

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 60  IN      SOA ns-924.amazon.com.
root.amazon.com. 1532498091 3600 900 7776000 60

;; Query time: 67 msec
;; SERVER: 205.166.94.20#53(205.166.94.20)
;; WHEN: Wed Jul 25 05:59:58 UTC 2018
;; MSG SIZE  rcvd: 110
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
Patrik
2018-07-25 06:08:01 UTC
Hello!
Thank you very much.
So what do you mean "internal-enp1s0f3" view is configured to bump this
domain?
Is this a setting?

It looks like this for my views:
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    include "/var/lib/samba/private/named.conf";

};


view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

//    include "/var/lib/samba/private/named.conf";

};


view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";
//    };
};


*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046
Dns Admin
2018-07-25 10:16:39 UTC
Hi Patrik,

192.168.81.20 appears to be matched to the internal-enp1s0f3 view.
This view might not be able to resolve these external dns entries correctly

what do you get when you try

dig @192.168.81.20 com soa

and

dig @192.168.81.20 production.cloudflare.docker.com +trace

Kind Regards Peter
Patrik
2018-07-25 10:25:34 UTC
Is it possible that I have 2 routers on 1 server and 2 views? Should I just
use 1 connection to the same server?
I connect to internet connection 1 for me downloading etc, and 1 for the
input for web, email, etc...
But I connected 2. The big problem is that I cannot turn off the server 2nd
view, I need exactly the 2 views and I still get a SERVFAIL, but after I do
it again, it will work, or on my workstation I have to refresh the browser
like many times.
Plus by now it cached my ip address, this is what is weird, that the first
time it is like that SERVFAIL and I have no idea what it is doing.
*E.g., the log:*
25-Jul-2018 09:18:27.737 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv4.nop.hu/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:27.738 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv4.nop.hu/IN/AAAA at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.401 client @0x7faa8c062b10 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:8402
25-Jul-2018 09:18:28.401 client @0x7faac0184500 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:6885
25-Jul-2018 09:18:28.402 client @0x7faa8c034d00 2001:470:1f1b:5b3::b4a#41540 (ipv6.nop.hu): view internal-enp1s0f3: query failed (SERVFAIL) for ipv6.nop.hu/IN/A at ../../../bin/named/query.c:6885


*So as you told me to do it as:*

​***@workstation:/media/linux-nvme/home/patrikx3$ dig @192.168.81.20
com soa

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.81.20 com soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43117
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2f5d97d5314b65c4037161895b584e70ccafb7ee026ea3d0 (good)
;; QUESTION SECTION:
;com. IN SOA

;; ANSWER SECTION:
com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1532513892 1800
900 604800 86400

;; AUTHORITY SECTION:
. 10083 IN NS f.root-servers.net.
. 10083 IN NS k.root-servers.net.
. 10083 IN NS e.root-servers.net.
. 10083 IN NS m.root-servers.net.
. 10083 IN NS a.root-servers.net.
. 10083 IN NS j.root-servers.net.
. 10083 IN NS i.root-servers.net.
. 10083 IN NS g.root-servers.net.
. 10083 IN NS d.root-servers.net.
. 10083 IN NS c.root-servers.net.
. 10083 IN NS h.root-servers.net.
. 10083 IN NS l.root-servers.net.
. 10083 IN NS b.root-servers.net.

;; Query time: 34 msec
;; SERVER: 192.168.81.20#53(192.168.81.20)
;; WHEN: Wed Jul 25 12:18:24 CEST 2018
;; MSG SIZE rcvd: 341

***@workstation:/media/linux-nvme/home/patrikx3$ dig @192.168.81.20
production.cloudflare.docker.com +trace

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.81.20
production.cloudflare.docker.com +trace
; (1 server found)
;; global options: +cmd
;; Received 56 bytes from 192.168.81.20#53(192.168.81.20) in 0 ms

***@workstation:/media/linux-nvme/home/patrikx3$
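
A triage script for query-errors lines like the ones posted in this thread, added here as an example (it is not from any poster or from BIND): it tallies SERVFAILs by view, query type and client address family, and flags queries logged more than once, so the "only AAAA fails" and "only one view fails" hypotheses can be checked against the log. The sample entries are constructed from the excerpts above; the regex assumes the line layout shown in them.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: entries copied from the log excerpts in this thread, each
# joined back onto one line, plus one unrelated line to show it is skipped.
_F = "query failed (SERVFAIL) for"
_AT = "at ../../../bin/named/query.c"
SAMPLE_LOG = "\n".join([
    f"25-Jul-2018 09:18:27.737 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: {_F} ipv4.nop.hu/IN/AAAA {_AT}:6885",
    f"25-Jul-2018 09:18:27.738 client @0x7faa8c062b10 192.168.78.30#55939 (ipv4.nop.hu): view internal-enp1s0f3: {_F} ipv4.nop.hu/IN/AAAA {_AT}:6885",
    f"25-Jul-2018 09:18:28.401 client @0x7faa8c062b10 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: {_F} ipv6.nop.hu/IN/A {_AT}:8402",
    f"25-Jul-2018 09:18:28.401 client @0x7faac0184500 192.168.78.30#50670 (ipv6.nop.hu): view internal-enp1s0f3: {_F} ipv6.nop.hu/IN/A {_AT}:6885",
    f"25-Jul-2018 09:18:28.402 client @0x7faa8c034d00 2001:470:1f1b:5b3::b4a#41540 (ipv6.nop.hu): view internal-enp1s0f3: {_F} ipv6.nop.hu/IN/A {_AT}:6885",
    f"25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: {_F} aax-eu.amazon-adsystem.com/IN/AAAA {_AT}:6885",
    f"25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com): view internal-enp1s0f2: {_F} aax-eu.amazon-adsystem.com/IN/AAAA {_AT}:6885",
    "25-Jul-2018 09:18:29.000 general: info: constructed line that is not a query error",
])

# Layout assumed from the excerpts: timestamp, optional client object pointer,
# client#port, (qname), optional view, rcode, qname/class/type, source location.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<client>[0-9a-fA-F:.]+)#(?P<port>\d+) \([^)]*\): "
    r"(?:view (?P<view>[^:\s]+): )?query failed \((?P<rcode>\w+)\) for "
    r"(?P<qname>[^/\s]+)/(?P<qclass>\w+)/(?P<qtype>\w+) "
    r"at (?P<src>\S+):(?P<srcline>\d+)$"
)


def parse_line(line):
    """Return a dict for one query-errors entry, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        # 4 or 6: the transport the client used, not the record type it asked for.
        rec["family"] = ip_address(rec["client"]).version
    except ValueError:
        return None
    rec["view"] = rec["view"] or "_default"
    return rec


def summarize(log_text, rcode="SERVFAIL"):
    """Tally failures with the given rcode by view/qtype and client family."""
    by_view_qtype, by_family, seen = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None or rec["rcode"] != rcode:
            skipped += 1
            continue
        by_view_qtype[(rec["view"], rec["qtype"])] += 1
        by_family[rec["family"]] += 1
        seen[(rec["client"], rec["port"], rec["qname"], rec["qtype"])] += 1
    return {
        "by_view_qtype": by_view_qtype,
        "by_family": by_family,
        "qtypes": {qtype for _, qtype in by_view_qtype},
        # Same client, source port and question logged more than once.
        "repeated": {k: n for k, n in seen.items() if n > 1},
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

On these entries the failures cover both A and AAAA questions and both internal views, from IPv4 and IPv6 clients alike.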
​

Mark Andrews
2018-07-25 06:17:57 UTC
So what do you get to this command when run on the recursive server?

dig aax-eu.amazon-adsystem.com aaaa @ns-911.amazon.com +dnssec +norec
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org

Patrik
2018-07-25 06:19:07 UTC
***@server:~# dig aax-eu.amazon-adsystem.com aaaa @ns-911.amazon.com
+dnssec +norec

; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com aaaa @
ns-911.amazon.com +dnssec +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49254
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com. IN AAAA

;; AUTHORITY SECTION:
aax-eu.amazon-adsystem.com. 60 IN SOA ns-947.amazon.com. root.amazon.com.
1532498716 3600 900 7776000 60

;; Query time: 173 msec
;; SERVER: 52.9.140.222#53(52.9.140.222)
;; WHEN: Wed Jul 25 08:18:23 CEST 2018
;; MSG SIZE rcvd: 99

***@server:~#

It looks OKAY, but as I sent a previous 2nd e-mail it fails and the log
shows. Very weird.

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046