Intermittent SERVFAILs for zones under me.uk from LHR

I’m intermittently seeing servfails / timeouts from 1.1.1.1 resolving names for a few zones under .me.uk. Other zones hosted on the same nameservers, and DNSSEC signed on the same infrastructure, seem to be fine.

Eg:

$ dig d.timstallard.me.uk @1.1.1.1 +retries=0

; <<>> DiG 9.16.6-Ubuntu <<>> d.timstallard.me.uk @1.1.1.1 +retries=0
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30886
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority)
;; QUESTION SECTION:
;d.timstallard.me.uk.		IN	A

;; Query time: 15 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)

(I’d expect this to return NXDOMAIN)

I’ve seen the same issues with tds.me.uk, which is hosted on the same nameservers, but signed elsewhere. I can also see the same with example.me.uk, a random choice which uses some other nameservers. All these domains appear to run fine through dnsviz and resolve OK against 8.8.8.8.

In case it helps track this down, I’ve only observed this from LHR; querying against FRA and AMS both seem fine. Let me know if there’s anything else I can check or provide to help investigate.

Hello,

sorry that you’re having this issue. It’s possible that the resolver was having difficulty in reaching out the nameservers. If you’re able to replicate this issue easily, could you please run the following command for us:

dig d.timstallard.me.uk @1.1.1.1 +retries=0 +nsid

Thanks :slight_smile:

The servfails seem to have stopped now. Thanks for pointing out you support nsid, I hadn’t realised that - will certainly keep it in mind when debugging/reporting issues in future!

sounds good to me, thanks for clarifying :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.