how does BIND resolvers pick the authoritative servers to query

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

how does BIND resolvers pick the authoritative servers to query

Bind-Users forum mailing list
I am seeing occasional SERVFAILs when I flush BIND cache then run test queries with dig.
Can someone let me know how BIND picks the authoritative server to query?

From what I know, BIND picks an authoritative server by assign random RTT to authoritative servers then queries the one with smallest RTT. If BIND picks an ipv6 authoritative server, and it can't reach it due to iptables/networking route and etc. Will it try the next authoritative which maybe an ipv4 authoritative server?


The particular record that I have problems is s.afl.com.au which has two auths (dns1.cscdns.net. and dns2.cscdns.net). Both of these auths have ipv4 and ipv6 address. This is how to run my tests:
for i in {1..10}; do rndc flush; dig @localhost s.afl.com.au; sleep 3; done |grep -i status

I wonder the SERVFAILs I see is due BIND picks the ipv6 auth which is not reachable and causes SERVFAILs.

After I updated BIND (9.11.2) to only do ipv4, my test queries went fine without issues.







_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users