In message <526eba87.7040...@networktest.com>, David Newman writes: > > > 3. Another internal nameserver gets intermittent dig +dnssec errors on > > queries for internal resources. Sometimes after a restart, the result is > > NOERROR and other times it's NXDOMAIN or SERVFAIL.
Inconsistant use of views. The NOERROR will probably be coming from a the internal view and the NXDOMAIN from the external view (or the other way around). As for SERVFAIL you may have badly configured firewalls that are dropping fragmented responses, or responses > 512 bytes resulting in excessive timeouts and excessive use of TCP. This is more visible in a newly started server. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
