[MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood

David Kowis dkowis at shlrm.org
Thu Jun 2 15:12:53 EDT 2011


Hi,

I posted before my configuration that had issues with the rfc_1918 line.

I also had to enable the MX lookup stuff, because I run my own mail server.

Sometimes, however, I get errors resolving things:

root@monitor:~# dig @10.10.220.231 secure.newegg.com
;; Warning: ID mismatch: expected ID 19551, got 45781

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


This is a Fedora 14 box, and I'm just doing a simple dig. Doing the same
request a few moments later, I get a proper result. This seems to happen
randomly; I'm unable to place what specifically causes it. Actually, I
think I can get it to happen the first time I turn the server on,
querying for secure.newegg.com:

root@monitor:~# dig @10.10.220.231 secure.newegg.com

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59764
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secure.newegg.com.             IN      A

;; Query time: 2605 msec
;; SERVER: 10.10.220.231#53(10.10.220.231)
;; WHEN: Thu Jun  2 14:07:20 2011
;; MSG SIZE  rcvd: 35


Right after a restart of the service, I get this. I was able to query
out www.google.com right before doing this; running it a second time, I
got another SERVFAIL.

The third time:
root@monitor:~# dig @10.10.220.231 secure.newegg.com

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.231 secure.newegg.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secure.newegg.com.             IN      A

;; ANSWER SECTION:
secure.newegg.com.      1800    IN      A       216.52.208.188

;; Query time: 53 msec
;; SERVER: 10.10.220.231#53(10.10.220.231)
;; WHEN: Thu Jun  2 14:08:21 2011
;; MSG SIZE  rcvd: 51


Something's not right, but I'm uncertain what verbosity level will barf
enough data out in the logs to reveal it.


At level 10, all I have in my syslog:
Jun  2 14:09:58 zephon Deadwood: Deadwood version 3.0.02
Jun  2 14:09:58 zephon Deadwood: Deadwood: A DNS UDP non-recursive cache (IPv6 supported)
Jun  2 14:09:58 zephon Deadwood: Verbose_level set to 10
Jun  2 14:09:58 zephon Deadwood: We bound to 1 addresses
Jun  2 14:09:58 zephon Deadwood: add_constant is set to 0x24dc4f48


I'm uncertain as to why Deadwood can sometimes resolve secure.newegg.com
(and other sites, but I've been testing with secure.newegg.com) and
other times fail with SERVFAIL or respond with an invalid ID.

Thanks,
David
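
An added example, not part of the original post: the checks a DNS client applies to a reply, which is what produces dig's "ID mismatch" warning and the SERVFAIL status shown above. The reply bytes are constructed from the header fields dig printed (IDs, flags, message sizes); the contents of the mismatched reply are not shown in the post and are an assumption, as are all function names.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a hostname as DNS labels: length byte + label, ending in 0."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(txid, name):
    """A/IN query with only the RD flag set, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def make_reply(txid, name, rcode, answer_ip=None):
    """Constructed reply with flags qr rd ra, as in the dig output above."""
    ancount = 1 if answer_ip else 0
    msg = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    if answer_ip:
        # Compressed owner name (pointer to offset 12), A, IN, TTL 1800, 4 bytes.
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 1800, 4)
        msg += bytes(int(octet) for octet in answer_ip.split("."))
    return msg

def classify_reply(query, reply):
    """Decide whether `reply` is an acceptable answer to `query`."""
    if len(reply) < 12:
        return "malformed"
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if not flags & 0x8000:
        return "not-a-response"
    if r_id != q_id:
        return "id-mismatch (expected %d, got %d)" % (q_id, r_id)
    question = query[12:]
    # The echoed question must match too (names compare case-insensitively).
    if qdcount != 1 or reply[12:12 + len(question)].lower() != question.lower():
        return "question-mismatch"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

if __name__ == "__main__":
    name = "secure.newegg.com"
    for query, reply in [
        (build_query(19551, name), make_reply(45781, name, 0, "216.52.208.188")),
        (build_query(59764, name), make_reply(59764, name, 2)),
        (build_query(63495, name), make_reply(63495, name, 0, "216.52.208.188")),
    ]:
        print(len(reply), classify_reply(query, reply))
```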


