Getting 2(SERVFAIL) on valid domains from "YYZ"

Multiple different domains getting 2(SERVFAIL) when trying to resolve them.

dig +short CHAOS TXT id.server @1.1.1.1
“YYZ”

Located in Ontario/Canada.

Find that Cloudflair accelerated sites on the same original dns and servers. Do not have this problem.

Have mostly tested with my servers, but have found the same with others in my area.

How to get this resolved?

Could you post which domains have the issue?

Here are a couple that reliably have a lookup problem.

technophar.com
govital.net

Looks like one or more nodes in the cluster are acting up. Sometimes it works. For a while they were all failing. I went to the purge cache page and tried that. Only somewhat fixed the problem.

There are a handful of issues with govital.net’s zone.

To start off with, there is an inconsistent set of NS records being returned by the gTLD roots and the govital.net servers. This isn’t automatically fatal, but it indicates potential issues.

Worse, there are some glue issues. For ns1.govital.net the parent reported 209.202.88.1 while your nameservers reported: 208.90.68.1.

Finally both ns1 and ns2 are in the same subnet, which while not fatal, will ensure that any routing issue that makes one server inaccessible will result in all servers being unreachable.

I would recommend having whoever is responsible for this environment review the configuration and fix things up.

1 Like

OK apprechiate finding that, something at the registrar was messed up, somehow old info from 4 years ago was there for one of the servers, corrected now, but totally unrelated to the issue at hand. I’m still getting random 2(SERVFAIL) doing lookups from multiple providers in the area. None of this is related to the original issue. There are no problems using any other public dns. If I use cloudflairs https dns lookup interface everything works fine. So there is something wrong with one or more of the name servers in the local dns cluster.

What is the best way to get ahold of support for 1.1.1.1/1.0.0.1 issues?

I’m not sure why you say it wasn’t related, bad glue will cause SERVERR assuming the old IP isn’t running a valid resolver.

I’m not clear if Cloudflare allows clearing cached glue records or not.

Everything suddenly started working properly for all my test cases in the last 10 minutes, including to other providers in the area, guessing they have fixed the problem. So problem is solved i guess. Was happening for the last two days.

This topic was automatically closed after 14 days. New replies are no longer allowed.