02-01-2008 12:53 PM
In our file "errors.current", we have many tousends of such entries:
Fri Feb 1 13:24:49 2008 Warning: Received an invalid DNS Response: rcode=ServFail data="'\\x8e\\x85\\x81\\x82\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x0edrillerssupply\\x03com\\x00\\x00\\x0f\\x00\\x01'" to IP 10.168.3.24 looking up drillerssupply.com
02-04-2008 06:27 PM
This indicates that DNS server 10.168.3.24 returned a 'servfail' when it attempted to lookup domain 'drillerssupply.com' in DNS. SERVFAIL means that the domain does exist and the root name servers have information on this domain, but that the authoritative name servers are not answering queries for this domain.
I got a 'servfail' response when i attempted to lookup this domain from my workstation.
bash-3.00# dig MX drillerssupply.com
; <<>> DiG 9.2.4 <
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;drillerssupply.com. IN MX
;; Query time: 178 msec
;; SERVER: 172.17.128.3#53(172.17.128.3)
;; WHEN: Mon Feb 4 16:52:10 2008
;; MSG SIZE rcvd: 36
Seeing lots of these messages in the logs indicates that there are lots of emails going to sites that have garbaged DNS replies. It would also mean that the local DNS server is flaky. Based upon this particular example, i would lean on the former.
03-13-2008 11:08 AM
I have to come back on this:
In the IronPort Support Knowledge Base, I have found the AnswerID 684 and the section:
4. DNS:We are such customers :oops:
Many customers force the IronPorts to query their internal DNS servers out of habit. In most installations 100% of the DNS records we need are on the Internet, not in the internal DNS. It makes more sense to query the Internet root servers, reducing the forwarding load on the internal DNS.
03-13-2008 04:06 PM
In most cases, we have found customers get better performance using the ROOT domain servers alone.
03-13-2008 06:54 PM
SERVFAIL means that the domain does exist and the root name servers have information on this domain, but that the authoritative name servers are not answering queries for this domain.
The name server was unable to process this query due to a problem with the name server.
03-13-2008 08:09 PM
Thank you for this explanation.
Is it right, that this specific kind of SERVFAIL (because of the data="'\\x8e\\x85\\x81\\x82\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x0edrillerssupply\\x03com\\x00\\x00\\x0f\\x00\\x01') never ever can be successfull? Or is this syntax the usual way to get the needed information from a DNS-Server?
03-13-2008 09:04 PM
Or is this syntax the usual way to get the needed information from a DNS-Server?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: