[Opendnssec-user] SOA queries -> ServFail?
he at uninett.no
Tue May 30 13:06:19 UTC 2017
I'm using DNS AXFR/IXFR to transfer zones out of my OpenDNSSEC
installation. Today I had occasion to look a bit closer at what
the downstream BIND was logging, and it logged all too frequently
that OpenDNSSEC returned a "SERVFAIL" error response.
Turns out that this is in response to the SOA queries it issues:
14:49:39.571605 IP xxxx.42494 > yyyy.domain: 21758 [2au] SOA? 58.39.128.in-addr.arpa. (140)
14:49:39.572698 IP yyyy.domain > xxxx.42494: 21758 ServFail- 0/0/2 (140)
14:49:40.071747 IP xxxx.42892 > yyyy.domain: 55296 [1au] SOA? 58.39.128.in-addr.arpa. (129)
14:49:40.073077 IP yyyy.domain > xxxx.42892: 55296 ServFail- 0/0/1 (129)
Is this expected behaviour, i.e. are SOA queries not part of the
reportoire which OpenDNSSEC implements? If so, that's a surprise...
This is with OpenDNSSEC 1.4.13.
More information about the Opendnssec-user