I'm having a problem trying to look up a certain DNS name on the internet. For some reason I keep facing a SERVFAIL thought the correct result is displayed - like the DNS name is being resolved twice (external/local?).
I have no trouble looking up anything else, but this single DNS name gives me a headache. Other servers within my farm do lookups fine on this domain.
Let me give you some informations.
OS: Ubuntu 14 (with bind9 installed)
/etc/resolv.conf:
nameserver 208.67.222.222 # opendns
nameserver 127.0.0.1
The faulty lookup:
# host whois.verisign-grs.com
whois.verisign-grs.com has address 199.7.48.74
whois.verisign-grs.com has IPv6 address 2001:503:5419:1000::74
Host whois.verisign-grs.com not found: 2(SERVFAIL)
If i did not have the opendns entry in my resolv.conf, the error would either be a timeout (usually the first answer) or the SERVFAIL.
Could the local lookup tools be broken, or could it happen that my DNS lookups are blocked on some level?
hostseems to query each of nameserver entries in resolv.conf in the order. That's maybe why you got an answer and then aSERVFAILstatus when it request your local DNS server.To avoid that behavior, specify the server you want to query:
host whois.verisign-grs.com 208.67.222.222Don't forget that
resolv.confis not a configuration file of BIND but of your machine to know to which server DNS request will be forwarded.If you want to make your own BIND server answer even if it doesn't own the records, set some forwarders.
I tried and had the same issue with my BIND server:
dig @0 whois.verisign-grs.comgave me a SERVFAIL status.dig @208.67.222.222 whois.verisign-grs.coman answer.Flush your DNS cache:
Then request again: