The servers for manage.logicboxes.com return SERVFAIL to A queries. Named doesn't parse any further than seeing the SERVFAIL.
Mark ; <<>> DiG 9.6.0-APPLE-P2 <<>> ns manage.logicboxes.com @D.SERVICE.AFILIASDNS.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21867 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;manage.logicboxes.com. IN A ;; ANSWER SECTION: manage.logicboxes.com. 14400 IN CNAME www.myorderbox.com. ;; Query time: 217 msec ;; SERVER: 2001:500:18::254#53(2001:500:18::254) ;; WHEN: Thu Jun 30 20:45:52 2011 ;; MSG SIZE rcvd: 68 In message <4e0c3e1c.5040...@mailclub.fr>, Laurent Bauer writes: > Hello, > > I have a problem resolving "manage.logicboxes.com" with bind. I tried > versions 9.7.3, 9.7.1-P2 and 9.6-ESV-R1, all of them return a SERVFAIL > with a pretty long query time : > > ; <<>> DiG 9.7.1-P2 <<>> manage.logicboxes.com > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13208 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;manage.logicboxes.com. IN A > > ;; Query time: 1246 msec > > Same error with "+cd" (there are no DS or signatures anywhere in the > related zones anyway, except for .com) > But "dig +trace" returns the correct CNAME as an answer : > manage.logicboxes.com. 14400 IN CNAME www.myorderbox.com. > as do every authoritative NS when querying them separately. > Also, bind resolves the CNAME itself. > > Here are some debug messages, I am not sure what they exactly mean > (particularly the "failure/success" part) : > > 30-Jun-2011 10:25:23.586 query-errors: debug 1: client > 192.168.1.125#45637: query failed (SERVFAIL) for > manage.logicboxes.com/IN/A at query.c:4651 > 30-Jun-2011 10:25:23.587 query-errors: debug 2: fetch completed at > resolver.c:3088 for manage.logicboxes.com/A in 1.247324: failure/success > [domain:logicboxes.com,referral:0,restart:2,qrysent:12,timeout:0,lame:0,neterr > :0,badresp:12,adberr:0,findfail:0,valfail:0] > > Some other resolvers (opendns, google) return the expected answer : > ; <<>> DiG 9.7.1-P2 <<>> manage.logicboxes.com @8.8.8.8 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8347 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;manage.logicboxes.com. IN A > > ;; ANSWER SECTION: > manage.logicboxes.com. 12110 IN CNAME www.myorderbox.com. > www.myorderbox.com. 84110 IN A 67.15.47.4 > > Is bind less tolerant about some kind of setup mistake (which I don't > get, anyway) ? > I checked "logicboxes.com" with zonecheck, which fails because the NS IP > addresses are not unique (and also some warnings about refresh/retry > values and NS not answering to ICMP requests) but I don't think that > explains my problem. > > Last question : is it OK that the primary server in the SOA field is > just "." ? > logicboxes.com. 86400 IN SOA . hostmaster.logicboxes.com. 6 900 300 > 864000 600 > > Thanks for helping > > Laurent > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users