Troubleshooting SERVFAIL
Havard Eidnes
he at uninett.no
Sun Sep 24 09:06:42 UTC 2023
> Upon trying to reach the domain Attenix Login <https://saas.attenix.co.il/>
> I encounter SERVFAIL
...
> I'm using unbound on my Pihole device.
> I do not block this domain using pihole. This is only a DNS setup issue,
> but I'm not sure how to fix this.
Typically, SERVFAIL status can mean one of two things:
1) Your recursor could not get an answer from any of the
publishing name servers for the zone where the queried-for
name is located.
2) There is a DNSSEC problem (Expired signatures? Mismatching DS
/ DNSKEY records?)
I use my go-to DNS debugger at https://dnsviz.net/, as it may
easily be used to distinguish between the two.
The current status is that the attenix.co.il zone is not DNSSEC
signed, so #2 is "out".
Dnsviz flags that it could not get a response from two of the
publishing name servers for the zone -- one over IPv4/UDP, one
over IPv6/TCP.
Re-checking with both BIND and unbound 1.17.1 recursors locally
elicits a response, and don't think I'm able to reproduce the
issues flagged by dnsviz.net:
saas.attenix.co.il. 3596 IN A 62.90.175.227
so at least I'm not able to reproduce the problem that way.
However, whether there is something particular in your situation
which causes a #1 situation I'm not able to tell, sorry.
Best regards,
- Håvard
More information about the Unbound-users
mailing list