У меня есть 3 DNS-сервера с BIND 9.9.4 (RHEL7), настроенных как 1 главный (master) и 2 подчинённых (slave). Сегодня я обнаружил, что запрос домена "desktop.telegram.org" возвращает SERVFAIL на всех этих серверах. Запросы других доменов по-прежнему работают.
# dig @127.0.0.1 desktop.telegram.org +trace
Запросы с трассировкой (+trace), как в команде выше, работают нормально.
Некоторые результаты отладки ниже:
# rndc trace 9
# grep '127.0.0.1' /var/named/data/named.run
31-May-2017 15:41:25.683 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:25.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:25.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:25.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:25.684 client 127.0.0.1#56542: query
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:30.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:30.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:30.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:30.684 client 127.0.0.1#56542: query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:35.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:35.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:35.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:35.684 client 127.0.0.1#56542: query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): error
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): send
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): sendto
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): senddone
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
named.conf:
# Global server options for this named instance.
options {
# Accept DNS on port 53 on every IPv4 interface of the host.
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# Any source address may send queries; recursion is limited separately by
# allow-recursion below. No allow-query-cache is set here; per the BIND ARM
# it then follows allow-recursion, so outside clients should only get
# answers for zones this server is authoritative for -- TODO confirm.
allow-query { any; };
# Quoted string: this literal text is what a version.bind CHAOS TXT query
# returns instead of the real version -- presumably intended to hide the
# release from fingerprinting.
version "none";
# Recursive service only for loopback and the two internal addresses
# (the author's placeholders stand in for the real IPs).
allow-recursion{ 127.0.0.1; my.internal.dns.server.ip1; my.internal.dns.server.ip2; };
# DNSSEC validation is on with the automatically managed root trust anchor.
# NOTE(review): on a validating resolver a validation failure for one name
# is returned to the client as SERVFAIL while other names keep resolving,
# so validator log lines are worth checking when triaging a single-domain
# SERVFAIL.
dnssec-enable yes;
dnssec-validation auto;
# Server-wide defaults: send no NOTIFY messages and refuse all zone
# transfer requests unless a zone statement overrides this.
notify no;
allow-transfer { none; };
# Overrides the compiled-in trust anchors used by "dnssec-validation auto";
# the file's contents are not shown on this page.
bindkeys-file "/etc/named.iscdlv.key";
# Directory where named keeps the state of its managed (RFC 5011) keys;
# it has to be writable by the named user.
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# Debug logging: a single file channel, relative to the "directory" option.
logging {
channel default_debug {
file "data/named.run";
# "dynamic" follows the server's current debug level, i.e. whatever was
# last set with "rndc trace <level>".
severity dynamic;
print-time yes;
};
};
# NOTE(review): resolver and DNSSEC-validator debug lines written to this
# file are keyed by the query name / fetch context rather than the client
# address, so filtering the file by client IP alone hides them -- confirm
# against the full named.run when investigating a SERVFAIL.
# Pulls in the key definition used by rndc (presumably "rndc-key"; the file
# is not shown). It holds a shared secret, so it should be readable only by
# root and the named user.
include "/etc/rndc.key";
# rndc control channel: bound to loopback only, accepted only from
# localhost, and every command must be authenticated with "rndc-key".
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
# Root hints used to bootstrap recursion.
zone "." IN {
type hint;
file "/var/named/named.ca";
};
# Additional zone definitions and the root trust anchor are loaded from
# these files; their contents are not shown on this page.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# Secondary copy of mydomain.com, transferred from the master whose address
# the author has replaced with a placeholder.
# NOTE(review): the masters list names no TSIG key, so as far as this
# excerpt shows the transfer source is trusted by IP address alone; a
# "key" on the masters entry (or a matching server statement) would
# authenticate the master -- verify whether one exists elsewhere.
zone "mydomain.com" {
type slave;
file "mydomain.com";
masters { master.server.ip; };
};
zone ... (my domains)
UPD: После перезапуска демона проблема ушла. На одном из серверов я не стал перезапускать демон, чтобы при необходимости можно было воспроизвести проблему.