[prev in list] [next in list] [prev in thread] [next in thread]
List: bind-users
Subject: Re: SERVFAIL and peak utilization
From: Alex <mysqlstudent () gmail ! com>
Date: 2018-07-27 20:46:38
Message-ID: CAB1R3shdOaqaKv32VDyXmR12xvypS0zxG80mWDeBe=BsvuoZqA () mail ! gmail ! com
[Download RAW message or body]
Hi, I'm still having a problem and haven't received any replies. Is
there anyone with any ideas on how to troubleshoot this?
What other information can I provide to help troubleshoot this?
On Thu, Jul 26, 2018 at 5:49 PM, Alex <mysqlstudent@gmail.com> wrote:
> Hi, here is some further debugging on what I believe are queries
> involving SERVFAIL:
>
> 26-Jul-2018 17:44:40.168 query-errors: debug 1: client @0x7fbee80f39b0
> 127.0.0.1#61547 (69.248.70.96.bad.psky.me): query failed (SERVFAIL)
> for 69.248.70.96.bad.psky.me/IN/A at ../../../bin/named/query.c:8580
> 26-Jul-2018 17:44:40.168 query-errors: debug 2: fetch completed at
> ../../../lib/dns/resolver.c:3927 for 69.248.70.96.bad.psky.me/A in
> 10.000096: timed out/success
> [domain:psky.me,referral:1,restart:2,qrysent:4,timeout:3,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
> 26-Jul-2018 17:44:40.172 query-errors: debug 1: client @0x7fbed81218a0
> 127.0.0.1#61547 (176.216.85.209.psbl.surriel.com): query failed
> (SERVFAIL) for 176.216.85.209.psbl.surriel.com/IN/A at
> ../../../bin/named/query.c:8580
> 26-Jul-2018 17:44:40.172 query-errors: debug 2: fetch completed at
> ../../../lib/dns/resolver.c:3927 for 176.216.85.209.psbl.surriel.com/A
> in 10.000128: timed out/success
> [domain:psbl.surriel.com,referral:2,restart:1,qrysent:2,timeout:1,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
> 26-Jul-2018 17:44:40.173 query-errors: debug 1: client @0x7fbedc134ed0
> 127.0.0.1#61547 (176.216.85.209.dnsbl-3.uceprotect.net): query failed
> (SERVFAIL) for 176.216.85.209.dnsbl-3.uceprotect.net/IN/A at
> ../../../bin/named/query.c:8580
> 26-Jul-2018 17:44:40.173 query-errors: debug 2: fetch completed at
> ../../../lib/dns/resolver.c:3927 for
> 176.216.85.209.dnsbl-3.uceprotect.net/A in 10.000097: timed
> out/success [domain:dnsbl-3.uceprotect.net,referral:2,restart:1,qrysent:2,timeout:1,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
>
> There appears to be a few timeout errors. Is this an indication there
> is a performance problem with the cable modem or connection?
>
> Thanks,
> Alex
>
>
> On Thu, Jul 26, 2018 at 1:57 PM, John Miller <johnmill@brandeis.edu> wrote:
> > Hi Alex,
> >
> > What does your query volume look like on this server? Depending on
> > volume, the BIND defaults for:
> >
> > - clients-per-query
> > - max-clients-per-query
> > - recursive-clients
> > - tcp-clients
> >
> > and others may not be set high enough. Check pp. 106-108 in the
> > latest 9.11 manual for more details on each of these.
> >
> > Of course, if you're only seeing SERVFAIL for a handful of domains,
> > then they may have some sort of delegation issue, or there might be a
> > network issue between your caching servers and them.
> >
> > John
> >
> >
> > On Thu, Jul 26, 2018 at 1:07 PM, Alex <mysqlstudent@gmail.com> wrote:
> > > Hi,
> > >
> > > I have a bind-9.11.4 server on a fedora28 system and are frequently
> > > seeing SERVFAIL errors like this:
> > >
> > > 26-Jul-2018 12:54:04.255 query-errors: info: client @0x7f764314a5c0
> > > 127.0.0.1#50719 (223.178.102.199.cidr.bl.mcafee.com): query failed
> > > (SERVFAIL) for 223.178.102.199.cidr.bl.mcafee.com/IN/A at
> > > ../../../bin/named/query.c:4140
> > >
> > > I believe this happens more frequently at times of peak link
> > > utilization, but it also appears to happen during normal times.
> > >
> > > This is a local caching server I've set up but it also appears to
> > > exist on other systems that have been set up to be authoritative for
> > > our domain.
> > >
> > > How can I troubleshoot this further?
> > >
> > > Here is the named.conf for this caching server:
> > >
> > > acl "trusted" {
> > > { 127/8; };
> > > { 68.195.191.40/29; };
> > > { 192.168.1.0/24; };
> > > { 107.155.67.2/32; };
> > > };
> > >
> > > options {
> > > listen-on port 53 { 127.0.0.1; 68.195.191.45; };
> > > listen-on-v6 port 53 { none; };
> > > directory "/var/named";
> > > dump-file "/var/named/data/cache_dump.db";
> > > statistics-file "/var/named/data/named.stats"; // _PATH_STATS
> > > memstatistics-file "/var/named/data/named.memstats"; // _PATH_MEMSTATS
> > > allow-query { trusted; };
> > > recursion yes;
> > > zone-statistics yes;
> > >
> > > // dnssec-enable yes;
> > > // dnssec-validation yes;
> > > // dnssec-lookaside auto;
> > >
> > > dnssec-enable no;
> > > dnssec-validation no;
> > > dnssec-lookaside no;
> > >
> > > /* Path to ISC DLV key */
> > > bindkeys-file "/etc/named.iscdlv.key";
> > >
> > > managed-keys-directory "/var/named/dynamic";
> > >
> > > };
> > >
> > > logging {
> > > channel default_debug {
> > > file "data/named.run";
> > > severity dynamic;
> > > };
> > >
> > > // Record all queries to the box for now
> > > channel query_info {
> > > severity info;
> > > file "/var/log/named.query.log" versions 3 size 10m;
> > > print-time yes;
> > > print-category yes;
> > > };
> > >
> > > // added for fail2ban support
> > > channel security_file {
> > > severity dynamic;
> > > file "/var/log/named.security.log" versions 3 size 30m;
> > > print-time yes;
> > > print-category yes;
> > > };
> > >
> > > channel b_debug {
> > > file "/var/log/named.debug.log" versions 2 size 10m;
> > > print-time yes;
> > > print-category yes;
> > > print-severity yes;
> > > severity dynamic;
> > > };
> > >
> > > // Send the security related messages to a separate file.
> > > channel audit_log {
> > > file "/var/log/named.audit.log" versions 4 size 10m;
> > > severity info;
> > > print-time yes;
> > > print-category yes;
> > > };
> > >
> > >
> > > category queries { query_info; };
> > > category default { b_debug; };
> > > category config { b_debug; };
> > > category security { security_file; };
> > > // category lame-servers { audit_log; };
> > > category lame-servers { null; };
> > >
> > > };
> > >
> > > zone "." IN {
> > > type hint;
> > > file "/var/named/named.ca";
> > > };
> > >
> > > zone "localhost.localdomain" IN {
> > > type master;
> > > file "named.localhost";
> > > allow-update { none; };
> > > };
> > >
> > > zone "localhost" IN {
> > > type master;
> > > file "named.localhost";
> > > allow-update { none; };
> > > };
> > >
> > > zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> > > IN {
> > > type master;
> > > file "named.loopback";
> > > allow-update { none; };
> > > };
> > >
> > > zone "1.0.0.127.in-addr.arpa" IN {
> > > type master;
> > > file "named.loopback";
> > > allow-update { none; };
> > > };
> > >
> > > zone "0.in-addr.arpa" IN {
> > > type master;
> > > file "named.empty";
> > > allow-update { none; };
> > > };
> > >
> > > include "/etc/named.root.key";
> > > include "/etc/rndc.key";
> > > _______________________________________________
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe \
> > from this list
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from \
this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic