[MaraDNS list] ID mismatch/SERVFAIL errors on my new deadwood

Sam Trenholme strenholme.usenet at gmail.com
Fri Jun 3 09:33:35 EDT 2011


> The ID mismatch I'm having trouble reproducing, the SERVFAIL I can
> consistently reproduce, as you have stated.

OK, let's start with the secure.newegg.com SERVFAIL issue.  What's
going on here?  Let me take a look.  When I do that query and get the
server fail, here is what Deadwood tells us when verbose_level is set
to 500:

Got DNS query for \006secure\006newegg\003com\000\000\001
Looking in cache for query \006secure\006newegg\003com\000\000\001
Nothing found for \006secure\006newegg\003com\000\000\001
Making connection to IP 128.63.2.53
Processing NS refer for \006secure\006newegg\003com\000\000\001
Making connection to IP 192.33.14.30
Processing NS refer for \006secure\006newegg\003com\000\000\001
Making connection to IP 204.74.108.1
Processing NS refer for \006secure\006newegg\003com\000\000\001
Making connection to IP 204.14.213.149
Connection for query \006secure\006newegg\003com\000\000\001 did not
respond; trying again
Making connection to IP 216.52.208.149
Got DNS query for \006secure\006newegg\003com\000\000\001
Looking in cache for query \006secure\006newegg\003com\000\000\001
Nothing found for \006secure\006newegg\003com\000\000\001
Connection for query \006secure\006newegg\003com\000\000\001 did not
respond; trying again
Making connection to IP 204.14.213.149
Got DNS query for \006secure\006newegg\003com\000\000\001
Looking in cache for query \006secure\006newegg\003com\000\000\001
Nothing found for \006secure\006newegg\003com\000\000\001
Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001
Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001
Sending SERVER FAIL for query \006secure\006newegg\003com\000\000\001

We do the dig again, which works.  Here is what Deadwood logs:

Got DNS query for \006secure\006newegg\003com\000\000\001
Looking in cache for query \006secure\006newegg\003com\000\000\001
Nothing found for \006secure\006newegg\003com\000\000\001
Making connection to IP 204.14.213.149
Caching direct answer at \006secure\006newegg\003com\000\000\001
Looking in cache for query \006secure\006newegg\003com\000\000\001
Fetching \006secure\006newegg\003com\000\000\001 from cache

So, what we're seeing is that we're making a connection but, for
as-yet unknown reasons, Deadwood doesn't always like the answer it's
getting upstream.

There doesn't seem to be anything unusual with Newegg's DNS servers:

$ askmara Asecure.newegg.com. 204.14.213.149
# Querying the server with the IP 204.14.213.149
# Question: Asecure.newegg.com.
secure.newegg.com. +1800 a 216.52.208.188
# NS replies:
# AR replies:

$ askmara Asecure.newegg.com. 216.52.208.149
# Querying the server with the IP 216.52.208.149
# Question: Asecure.newegg.com.
secure.newegg.com. +1800 a 216.52.208.188
# NS replies:
# AR replies:

So, now that I've done a cursory examination of what's going on, the
next step is for me to start debugging Deadwood's code and see why it
doesn't like Newegg's DNS server.  I will do this one week today: June
10, 2011, since that's the next day I have set aside for
MaraDNS/Deadwood bug-fixing.

- Sam


More information about the list mailing list