I have dns cache servers. I am using BIND 9.8.3-P1 or dnscache(djbdns cache). I see very often errors in my log "unexpected RCODE SERVFAIL". Both bind9 and dnscache have that problem. In tcpdump i see that they not even ask authoritative servers. With nslookup from the same machine i get correct answers from authoritative servers.
It seems my cache servers puts in their cache servfail answers and don't bother to ask again. I think that by RFC they shouldn't put SERVFAIL answers at all. Any ideas will be appreciated.
No comments:
Post a Comment