[Opendnssec-user] SOA queries -> ServFail?

Havard Eidnes he at uninett.no
Tue May 30 13:06:19 UTC 2017


I'm using DNS AXFR/IXFR to transfer zones out of my OpenDNSSEC
installation.  Today I had occasion to look a bit closer at what
the downstream BIND was logging, and it logged all too frequently
that OpenDNSSEC returned a "SERVFAIL" error response.

Turns out that this is in response to the SOA queries it issues:

14:49:39.571605 IP xxxx.42494 > yyyy.domain: 21758 [2au] SOA? 58.39.128.in-addr.arpa. (140)
14:49:39.572698 IP yyyy.domain > xxxx.42494: 21758 ServFail- 0/0/2 (140)
14:49:40.071747 IP xxxx.42892 > yyyy.domain: 55296 [1au] SOA? 58.39.128.in-addr.arpa. (129)
14:49:40.073077 IP yyyy.domain > xxxx.42892: 55296 ServFail- 0/0/1 (129)

Is this expected behaviour, i.e. are SOA queries not part of the
reportoire which OpenDNSSEC implements?  If so, that's a surprise...

This is with OpenDNSSEC 1.4.13.


- Håvard

More information about the Opendnssec-user mailing list