Re: SERVFAIL on IPv6 tunnelbroker network

Tue, 24 Jul 2018 23:06:01 -0700 

Hi Patrik,
I don't see any SERVFAIL querying for this AAAA record.  maybe your"internal-enp1s0f3" view is configured to bump this domain? 

Kind Regards Peter

dig aax-eu.amazon-adsystem.com aaaa

; <<>> DiG 9.10.2-P4 <<>> aax-eu.amazon-adsystem.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32650
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com.    IN      AAAA

;; AUTHORITY SECTION:

aax-eu.amazon-adsystem.com. 60  IN      SOA ns-924.amazon.com. 
root.amazon.com. 1532498091 3600 900 7776000 60


;; Query time: 67 msec
;; SERVER: 205.166.94.20#53(205.166.94.20)
;; WHEN: Wed Jul 25 05:59:58 UTC 2018
;; MSG SIZE  rcvd: 110


On 25/07/2018 07:52, Patrik wrote:

Hello!

How are you?

I started having a problem with BIND9. Something must have changed, 
because I start getting SERVFAIL a lot.

Looks like this:

25-Jul-2018 07:44:09.647 client @0x7fa268223c10 192.168.78.30#56577 
(aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>): view 
internal-enp1s0f3: query failed (SERVFAIL) for 
aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 
(aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>): view 
internal-enp1s0f2: query failed (SERVFAIL) for 
aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2440c7ef0 
2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>): view internal-enp1s0f3: query 
failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.647 client @0x7fa2380e1ea0 192.168.81.30#41771 
(aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>): view 
internal-enp1s0f2: query failed (SERVFAIL) for 
aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 
2001:470:1f1b:5b3::b4a#41516 (aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>): view internal-enp1s0f3: query 
failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2340836e0 
2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>): view internal-enp1s0f2: query 
failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885
25-Jul-2018 07:44:09.648 client @0x7fa2440c7ef0 
2001:470:1f1b:5b5::b4a#50353 (aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>): view internal-enp1s0f2: query 
failed (SERVFAIL) for aax-eu.amazon-adsystem.com/IN/AAAA 
<http://aax-eu.amazon-adsystem.com/IN/AAAA> at 
../../../bin/named/query.c:6885



To me, it looks like, the requests try the AAAA ipv6 addresses but 
they are not in IPv6 and because of that it gives a SERVFAIL.
Is there a way to give a priority to the BIND9 request before the IPv6 
and first try the IPv4 and if there is no IPv4 result, then try IPv6. 
Because now, it gives a few SERVFAIL (I have to refresh the browser, 
to make it work to get), I guess, get the IPv4 if only works after a 
few refreshes.

Even, if I do a dig on it iit shows, there is no AAAA:

root@server:/etc/nginx/sites-enabled# dig aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>



; <<>> DiG 9.11.3-2-Debian <<>> aax-eu.amazon-adsystem.com 
<http://aax-eu.amazon-adsystem.com>

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45e832118506bb5a0758eeb5b580e51c9b57c8a8d971011 (good)
;; QUESTION SECTION:
;aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>.INA

;; ANSWER SECTION:

aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
60INA52.94.216.48


;; AUTHORITY SECTION:

aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-921.amazon.com <http://ns-921.amazon.com>.
aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-911.amazon.com <http://ns-911.amazon.com>.
aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-932.amazon.com <http://ns-932.amazon.com>.
aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-931.amazon.com <http://ns-931.amazon.com>.
aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-912.amazon.com <http://ns-912.amazon.com>.
aax-eu.amazon-adsystem.com <http://aax-eu.amazon-adsystem.com>. 
860INNSns-923.amazon.com <http://ns-923.amazon.com>.


;; Query time: 52 msec
;; SERVER: 192.168.78.20#53(192.168.78.20)
;; WHEN: Wed Jul 25 07:44:49 CEST 2018
;; MSG SIZE  rcvd: 232


Is there any solution for this? It just started happening in the last 
week.

*_
_*
*_Patrik_*

WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | 
NPM <https://www.npmjs.com/%7Epatrikx3> | Corifeus 
<https://corifeus.com> | +36 20 342 8046





_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to