[Pdns-users] SERVFAIL pdns-recursor
bert hubert
bert.hubert at netherlabs.nl
Sun Nov 1 19:21:38 UTC 2015
Federico,
I mostly see you have timeouts to the internet. I also note that your server
is listed in the open resolver project:
http://openresolverproject.org/search2.cgi?botnet=yessir&search_for=87.81.223.0%2F24
It may be that your server is sometimes used for abuse purposes, and that
folks filter it because of that.
Anyhow, let's watch the graphs for a bit to see what happens.
Bert
On Sun, Nov 01, 2015 at 06:04:57PM +0000, Federico Olivieri wrote:
> Yeap. It works now! In relation to the SERVFAIL "investigation" what is
> going to be the next step :)
>
> Thanks!
>
> 2015-11-01 17:41 GMT+00:00 bert hubert <bert.hubert at netherlabs.nl>:
>
> > Try banana-836 and it'll appear on http://metronome1.powerdns.com
> > On Nov 1, 2015 18:23, Federico Olivieri <lvrfrc87 at gmail.com> wrote:
> >
> > Thanks Bert
> >
> > I had forgotten about your carbon server. That's such amazing! :D
> >
> > Just configured with the name of *pdns.banana.836.* I can see the traffic
> > sent by my server
> >
> > 17:19:54.754148 IP6 metrics.powerdns.com.cfinger >
> > 2a02:c7d:ca1b:a701:d250:99ff:fe53:f2fc.41817: Flags [.], ack 1369, win 246,
> > options [nop,nop,TS val 3602624055 ecr 23273906], length 0
> > 17:19:54.754300 IP6 metrics.powerdns.com.cfinger >
> > 2a02:c7d:ca1b:a701:d250:99ff:fe53:f2fc.41817: Flags [.], ack 2737, win 268,
> > options [nop,nop,TS val 3602624061 ecr 23273906], length 0
> > 17:19:54.787272 IP6 metrics.powerdns.com.cfinger >
> > 2a02:c7d:ca1b:a701:d250:99ff:fe53:f2fc.41817: Flags [.], ack 3465, win 290,
> > options [nop,nop,TS val 3602624064 ecr 23273906], length 0
> > 17:19:54.800580 IP6 metrics.powerdns.com.cfinger >
> > 2a02:c7d:ca1b:a701:d250:99ff:fe53:f2fc.41817: Flags [F.], seq 1, ack 3466,
> > win 290, options [nop,nop,TS val 3602624064 ecr 23273906], length 0
> > 17:19:54.800752 IP6 2a02:c7d:ca1b:a701:d250:99ff:fe53:f2fc.41817 >
> > metrics.powerdns.com.cfinger: Flags [.], ack 2, win 225, options
> > [nop,nop,TS val 23273941 ecr 3602624064], length 0
> >
> > What is the next step?!
> >
> > Thank you for your time,
> >
> > Federico
> >
> > 2015-11-01 15:31 GMT+00:00 bert hubert <bert.hubert at powerdns.com>:
> >
> > On Sun, Nov 01, 2015 at 03:23:42PM +0000, Federico Olivieri wrote:
> > > Hi guys!
> > > Any suggestions/clue?
> >
> > It says 'timeouts', which suggests you might have issues reaching google.
> > Please point your recursor to metronome as explained in
> > http://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/
> > so we can diagnose if there are network issues.
> >
> > Thanks!
> >
> > >
> > > Thanks in advance
> > >
> > > Federico
> > > On 30 Oct 2015 12:06, "Federico Olivieri" <lvrfrc87 at gmail.com> wrote:
> > >
> > > > Hi guys,
> > > >
> > > > I know that this topics has been already discussed in the past but
> > > > unfortunately the answer gave are not really clear to me (for a my
> > leak of
> > > > knowledge :) )
> > > >
> > > > On my server I can see many SERVFAIL error messages. Some of them are
> > > > related to invers arp (not interested in them) other, are related to
> > more
> > > > common domani name (as youtube, facebook and google)
> > > >
> > > > i.e
> > > >
> > > > oot at banana:/var/log# cat messages.1 | grep "SERVFAIL" | grep -v
> > > > "in-addr.arpa" | grep "google"
> > > > Oct 22 17:05:58 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 2, queries: 6,
> > > > 8076msec
> > > > Oct 22 17:05:59 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'www.google.com.' because: Too much
> > time
> > > > waiting for www.google.com.|A, timeouts: 5, throttles: 0, queries: 6,
> > > > 8746msec
> > > > Oct 22 17:05:59 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of '1.client-channel.google.com.' because:
> > > > Too much time waiting for 1.client-channel.google.com.|A, timeouts: 5,
> > > > throttles: 0, queries: 6, 8745msec
> > > > Oct 22 17:05:59 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of '1.client-channel.google.com.' because:
> > > > Too much time waiting for 1.client-channel.google.com.|A, timeouts: 5,
> > > > throttles: 0, queries: 6, 8261msec
> > > > Oct 22 17:05:59 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'www.google.com.' because: Too much
> > time
> > > > waiting for www.google.com.|A, timeouts: 5, throttles: 0, queries: 6,
> > > > 8261msec
> > > > Oct 22 17:05:59 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 2, queries: 6,
> > > > 8365msec
> > > > Oct 22 17:06:01 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 5, queries: 6,
> > > > 8103msec
> > > > Oct 22 17:06:01 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'www.google.com.' because: Too much
> > time
> > > > waiting for www.google.com.|A, timeouts: 5, throttles: 1, queries: 6,
> > > > 8161msec
> > > > Oct 22 17:06:01 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of '1.client-channel.google.com.' because:
> > > > Too much time waiting for 1.client-channel.google.com.|A, timeouts: 5,
> > > > throttles: 1, queries: 6, 8160msec
> > > > Oct 22 17:06:03 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 4, queries: 6,
> > > > 8191msec
> > > > Oct 22 17:06:04 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of '1.client-channel.google.com.' because:
> > > > Too much time waiting for 1.client-channel.google.com.|A, timeouts: 4,
> > > > throttles: 2, queries: 5, 7187msec
> > > > Oct 22 17:06:04 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of '1.client-channel.google.com.' because:
> > > > Too much time waiting for 1.client-channel.google.com.|A, timeouts: 4,
> > > > throttles: 0, queries: 5, 7144msec
> > > > Oct 22 17:06:04 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'www.google.com.' because: Too much
> > time
> > > > waiting for www.google.com.|A, timeouts: 4, throttles: 0, queries: 5,
> > > > 7143msec
> > > > Oct 22 17:06:04 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 4, queries: 6,
> > > > 7795msec
> > > > Oct 22 17:06:06 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.11 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|A, timeouts: 5, throttles: 4, queries: 6,
> > > > 8446msec
> > > > Oct 22 17:06:07 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'www.googleapis.com.' because: Too much
> > > > time waiting for www.googleapis.com.|AAAA, timeouts: 5, throttles: 0,
> > > > queries: 6, 8107msec
> > > > Oct 22 17:06:08 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'clients4.google.com.' because: Too
> > much
> > > > time waiting for clients4.google.com.|AAAA, timeouts: 5, throttles: 0,
> > > > queries: 6, 8053msec
> > > > Oct 22 17:06:09 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'clients3.google.com.' because: Too
> > much
> > > > time waiting for clients3.google.com.|AAAA, timeouts: 5, throttles: 0,
> > > > queries: 6, 8453msec
> > > > Oct 22 17:06:11 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'mtalk.google.com.' because: Too much
> > time
> > > > waiting for mtalk.google.com.|AAAA, timeouts: 5, throttles: 0,
> > queries: 6,
> > > > 8380msec
> > > > Oct 22 17:06:31 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'www.googleapis.com.' because: Too much
> > > > time waiting for www.googleapis.com.|A, timeouts: 5, throttles: 0,
> > queries:
> > > > 6, 8513msec
> > > > Oct 22 17:06:31 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'clients4.google.com.' because: Too
> > much
> > > > time waiting for clients4.google.com.|A, timeouts: 5, throttles: 0,
> > > > queries: 6, 8074msec
> > > > Oct 22 17:06:32 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'clients3.google.com.' because: Too
> > much
> > > > time waiting for clients3.google.com.|A, timeouts: 5, throttles: 0,
> > > > queries: 6, 8295msec
> > > > Oct 23 11:00:57 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'play.googleapis.com.' because: Too
> > much
> > > > time waiting for googleapis.l.google.com.|AAAA, timeouts: 4,
> > throttles: 0,
> > > > queries: 6, 8023msec
> > > > Oct 23 11:02:18 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 192.168.0.12 during resolve of 'www.googleapis.com.' because: Too much
> > > > time waiting for googleapis.l.google.com.|AAAA, timeouts: 4,
> > throttles: 0,
> > > > queries: 6, 8246msec
> > > > Oct 23 11:11:36 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 78.152.97.196 during resolve of 'www.googleapis.com.' because: Too
> > much
> > > > time waiting for googleapis.l.google.com.|A, timeouts: 4, throttles: 0,
> > > > queries: 6, 7674msec
> > > > Oct 23 11:51:08 banana pdns_recursor[2485]: Sending SERVFAIL to
> > > > 5.172.125.114 during resolve of 'www.youtube.com.' because: Too much
> > time
> > > > waiting for youtube-ui.l.google.com.|A, timeouts: 4, throttles: 0,
> > queries:
> > > > 6, 7465msec
> > > >
> > > > Now, what I have learnt in the life is that everything is possible and
> > it
> > > > could be possible that authoritative servers for youtube and google are
> > > > "busy" and they don't forward the reply on-time but...it seems strange
> > to
> > > > me.
> > > >
> > > > There are other reasons for a SERVFAIL reply? Something could be wrong
> > on
> > > > my set-up
> > > >
> > > > Thank you for your time
> > > >
> > > > Regards
> > > >
> > > > Federico
> > > >
> >
> > > _______________________________________________
> > > Pdns-users mailing list
> > > Pdns-users at mailman.powerdns.com
> > > http://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
> >
> >
More information about the Pdns-users
mailing list