BIND authoritative name server: SERVFAIL?
I have a BIND 9.6 instance that acts as a caching NS for the whole building and is also authoritative for an internal zone ("example" below):
zone "example" {
type master;
file "example";
update-policy { grant dhcp-update subdomain example. A TXT; };
};
Due to a rogue switch we lost connectivity with the rest of the world, and the NS started answering SERVFAIL; what surprised me was that the server was also unable to respond to queries for the example domain.
What is the reason of this behavior? Shouldn't the NS be able to answer since it has authoritative data?
edit: The rest of the configuration is the standard one shipped with Debian: hints for the root servers and the zones for localhost and broadcast.
Solution 1:
You can turn up debugging to see if that doesn't directly answer your question. However, I'd suspect that the permissions on your zone file aren't allowing the bind user to read the file.
I define all my logging options in named.logging.conf and then use an include in the main file:
logging {
channel default_syslog {
// Send most of the named messages to syslog.
syslog local2;
severity debug;
};
channel audit_log {
// Send the security related messages to a separate file.
file "/var/named/system/named.log";
severity debug;
print-time yes;
};
channel null {
null;
};
category default { default_syslog; };
category general { default_syslog; };
category security { audit_log; default_syslog; };
category config { default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { null; };
};
and then in named.conf:
root@dnsm02:/etc/bind# grep logging named.conf
include "/etc/bind/named.logging.conf";
Additionally, you don't mention views, but if you have any views defined, then all of your zones must be in defined views.