dig @8.8.8.8 SERVFAIL

[benk_s]

Dear Google,

I have problem SERVFAIL when dig @8.8.8.8 but that not happen when dig
@4.2.2.2 and when using OpenDNS
That affecting to all domain under nameserver ns1.infokom.net and
ns1.melesat.net.id
Would you helping me why this can be happened

------------ dig @8.8.8.8 ns1.infokom.net

; <<>> DiG 9.5.0-P2 <<>> @8.8.8.8 ns1.infokom.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10477
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.infokom.net. IN A

;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 3 16:43:13 2011
;; MSG SIZE rcvd: 33

--------------- dig @4.2.2.2 ns1.infokom.net

; <<>> DiG 9.5.0-P2 <<>> @4.2.2.2 ns1.infokom.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23229
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.infokom.net. IN A

;; ANSWER SECTION:
ns1.infokom.net. 3524 IN A 202.147.192.29

;; Query time: 186 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Sat Dec 3 16:43:32 2011
;; MSG SIZE rcvd: 49

------------------ dig @8.8.8.8 ns1.melesat.net.id

; <<>> DiG 9.5.0-P2 <<>> @8.8.8.8 ns1.melesat.net.id
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27525
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.melesat.net.id. IN A

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 3 16:49:55 2011
;; MSG SIZE rcvd: 36

------------------------- dig @4.2.2.2 ns1.melesat.net.id

; <<>> DiG 9.5.0-P2 <<>> @4.2.2.2 ns1.melesat.net.id
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35610
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.melesat.net.id. IN A

;; ANSWER SECTION:
ns1.melesat.net.id. 39651 IN A 202.147.192.30

;; Query time: 188 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Sat Dec 3 16:50:04 2011
;; MSG SIZE rcvd: 52

--------------------- dig @8.8.8.8 walanja.com

; <<>> DiG 9.5.0-P2 <<>> @8.8.8.8 walanja.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65444
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;walanja.com. IN A

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 3 16:46:05 2011
;; MSG SIZE rcvd: 29

--------------------- dig @4.2.2.2 walanja.com

; <<>> DiG 9.5.0-P2 <<>> @4.2.2.2 walanja.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55552
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;walanja.com. IN A

;; ANSWER SECTION:
walanja.com. 43200 IN A 110.50.86.181

;; Query time: 412 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Sat Dec 3 16:45:02 2011
;; MSG SIZE rcvd: 45

[Yunhong Gu]

Hello, 

This appears to be the same problem as (at least related to) the Megaxus.com issue that other users reported on the forum. The name servers are in Indonesia, and for some reason (possible network related) some of our DNS resolvers cannot reach the name servers. We are currently investigating this issue.

Thanks

Yunhong

--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dn...@googlegroups.com
To unsubscribe from this group, send email to
public-dns-disc...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/public-dns-discuss?hl=en
For more information on Google Public DNS, please visit
http://code.google.com/speed/public-dns
========================================================

[benk_s]

Thank you for your help.
It's make me dizzy because SERVFAIL not only happened on domain
ns1.infokom.net, ns1.melesat.net.id or walanja.com, that affecting to
another 50 domains.

Thanks

[Yunhong Gu]

Hello,

The problem has been resolved finally. Please verify and let us know if there is any remaining issue.

Yunhong

[Jason]

Has this issue been recurring? My domain works fine in all open dns
and level3 servers etc, but google public dns is causing Servefail on
dig to both 8.8.8.8 and 8.8.4.4.

[Yunhong Gu]

What is your domain?

[miguel...@gmail.com]

I'm experiencing the same issue for the domain imagens.walmart.com.br. It fails on 8.8.8.8 but is on on 4.2.2.2.

dig is fine @4.2.2.2

$ dig @4.2.2.2 imagens.walmart.com.br

; <<>> DiG 9.6-ESV-R4-P3 <<>> @4.2.2.2 imagens.walmart.com.br

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23834

;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;imagens.walmart.com.br. IN A

;; ANSWER SECTION:

imagens.walmart.com.br. 587 IN CNAME walmart.edgesuite.net.

walmart.edgesuite.net. 18693 IN CNAME a1049.b.akamai.net.

a1049.b.akamai.net. 7 IN A 63.233.110.27

a1049.b.akamai.net. 7 IN A 63.233.110.26

;; Query time: 142 msec

;; SERVER: 4.2.2.2#53(4.2.2.2)

;; WHEN: Wed Mar 21 11:21:43 2012

;; MSG SIZE  rcvd: 136

but fails @8.8.8.8

$ dig @8.8.8.8 imagens.walmart.com.br

; <<>> DiG 9.6-ESV-R4-P3 <<>> @8.8.8.8 imagens.walmart.com.br

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28601

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;imagens.walmart.com.br. IN A

;; Query time: 24 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Wed Mar 21 11:21:58 2012

;; MSG SIZE  rcvd: 40

Is that the same cause? How can this be fixed?

Thank You,

--

Miguel Silva

[Paul S. R. Chisholm]

Not the same problem; fixed now.  --PSRC

[aristo.i...@gmail.com]

Hello Sir,

Can you help me about this issue...
we have any domain that registered at our nameserver, but we had some problem when we dig any our domain to @8.8.8.8 always get SERVFAIL specially from under our ip subnets (103.254.104.0/20). But if we dig to @4.2.2.2 we have no issue about SERVFAIL. Please see this example below :

> dig @8.8.8.8 xpnets.co.id

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> @8.8.8.8 xpnets.co.id
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xpnets.co.id.			IN	A

;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 21 09:49:40 2016
;; MSG SIZE  rcvd: 30

> dig @4.2.2.2 xpnets.co.id

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> @4.2.2.2 xpnets.co.id
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1453
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xpnets.co.id.			IN	A

;; ANSWER SECTION:
xpnets.co.id.		1800	IN	A	103.254.107.3

;; Query time: 663 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue Jun 21 09:32:48 2016
;; MSG SIZE  rcvd: 46


Please help me for this issue

Best Regards,
Aristo Ilhamsyah

What is your domain?

> > public-dns-discuss+unsub...@googlegroups.com

> > For more options, visit this group at
> >http://groups.google.com/group/public-dns-discuss?hl=en
> > For more information on Google Public DNS, please visit
> >http://code.google.com/speed/public-dns
> > ========================================================

--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dn...@googlegroups.com
To unsubscribe from this group, send email to

public-dns-discuss+unsub...@googlegroups.com

[Alex Dupuy]

Google resolvers are having difficulty getting responses from the name servers for xpnets.co.id, which are all located on a single network (103.254.107.0/22). However, as pings/traceroutes seem to work, it is may be that your name servers are rate limiting or delaying responses to the Google Public DNS resolvers in CBF, DLS, and CHS:

74.125.72.0/24

74.125.75.0/24

74.125.76.0/24

74.125.77.0/24

74.125.78.0/24

74.125.113.0/24

74.125.180.0/24

74.125.182.0/24

74.125.183.0/24

74.125.184.0/24

74.125.185.0/24

173.194.90.0/24

https://developers.google.com/speed/public-dns/faq#locations

You may want to check that you are receiving queries from at least some of these locations, and that you are not blocking or rate limiting them.

Running various checks (https://zonalizer.makeinstall.se/?cgVwIM_GQ8OlC2S7qRwnxQ, http://www.intodns.com/xpnets.co.id, https://zonemaster.net/test/ece17ef5db9e4506) indicates a number of issues - one of your nameservers ns2.cpnets.co.id=103.254.107.3 is configured to allow recursive queries, and more relevantly, all of your nameservers are in a single subnet and autonomous system (AS).

DNS zones should have at least two different nameservers running in each of at least two different Autonomous System (AS) routing zones (https://tools.ietf.org/html/rfc1537#section-6).

You may want to consider adding secondary DNS service from other providers, e.g. https://www.keycdn.com/blog/best-free-dns-hosting-providers/ — dns.he.net offers very good coverage, and is free: you would need to enter the he.net nameserver IP (216.218.130.2) to the AXFR allowed whitelist of your primary nameserver, and then add the he.net nameservers and/or replace some of the duplicate nameservers on your single subnet with he.net nameservers in your domain registration.

[Aristo Ilhamsyah]

Hi Alex,

Thanks For your quick reply...

Today i tried what your suggest for creating name server with dns.he.net, and the result is :

> dig @8.8.8.8 xpnets.co.id ANY

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> @8.8.8.8 xpnets.co.id ANY
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3112
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xpnets.co.id.			IN	ANY

;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 22 09:55:08 2016
;; MSG SIZE  rcvd: 30

Status NOERROR better than yesterday, but i dont get the answer section in this dig

it's oke if i don't get the answer section..?

and i try to send email from @gmail.com to @xpnets.co.id still get the error massage from gmail like this :

Delivery to the following recipient failed permanently:

     aristo.i...@xpnets.co.id

Technical details of permanent failure:
DNS Error: 12247801 DNS type 'mx' lookup of xpnets.co.id responded with code NOERROR
12247801 DNS type 'mx' lookup of xpnets.co.id had no relevant answers.
12247801 DNS type 'aaaa' lookup of xpnets.co.id responded with code NOERROR
12247801 DNS type 'aaaa' lookup of xpnets.co.id had no relevant answers.
12247801 DNS type 'a' lookup of xpnets.co.id responded with code NOERROR
12247801 DNS type 'a' lookup of xpnets.co.id had no relevant answers.

Best Regards,

Aristo Ilhamsyah

[Alex Dupuy]

The NOERROR (NODATA) responses probably came after you set up the HE DNS zones, but before the secondary transfer kicked in.

When I query now, I usually get valid responses with correct data. Sometimes queries go to one of your two nameservers in Indonesia and I get a SERVFAIL, but this seems to be less than 10% of the time. It's clearly not a 100% solution, but it is definitely a significant improvement, and now that there are no more NODATA responses, e-mail (at least) should go through pretty reliably, occasionally with a short delay.

[Aristo Ilhamsyah]

Hehehehe... I realy appreciate for your free dns host informations and solutions, even this is not a 100% solution. So right now we have 2 country region nameserver in the world... if our bandwidth upstream have down connection, so our domain still indentified with he.net nameserver. Once again i says thank you very much for your help Sir... now our email server has receive email from gmail correctly again... i have one question regarding this problem, there is setup changes from google Sir..? because at our domain server and email server nothing changes config anything in past 2 years.

Im sorry for my bad english language...

Best Regards,
Aristo Ilhamsyah

[Alex Dupuy]

On Wednesday, June 22, 2016 at 5:49:54 PM UTC-4, Aristo Ilhamsyah wrote:

i have one question regarding this problem, there is setup changes from google Sir..? because at our domain server and email server nothing changes config anything in past 2 years.

There may be strange routing or excessive DNS queries slowing down your nameserver (especially since pings go through when DNS queries don't) that causes the queries to your nameserver from certain regions to time out. Unfortunately it is rarely possible to accurately diagnose the source of the problem, as it can be at our end, your nameserver, or anywhere in between.

Google Public DNS is particularly sensitive to these sorts of problems; we timeout quickly and may not retry, in order to give a fast answer to clients in all cases (they may retry with other name servers, including our alternate addresses like 8.8.4.4). For smaller domains that are not usually in cache, and whose name servers are on a single less-well-connected network, our strategy doesn't always work as well as we would like. But there is good free secondary DNS hosting available on the Internet, and it allows your domains not only to resolve successfully for Google Public DNS, but also to provide faster and more reliable service for clients that use other resolvers, so that is the best way to fix the problem.