I am trying to trouble shoot some DNS problems with BIND 9 when I have a cache miss on my recursive resolver.
I've enabled debug 2 logging for query errors and am getting the following:
01-Jun-2015 03:04:41.539 debug 1: client 71.41.189.242#53761 (www.theonion.com): query failed (SERVFAIL) for www.theonion.com/IN/A at query.c:7005
01-Jun-2015 03:04:41.539 debug 2: fetch completed at resolver.c:3194 for www.theonion.com/A in 10.000137: timed out/success [domain:theonion.com,referral:1,restart:3,qrysent:11,timeout:10,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
Does anyone know exactly what this means. The first entry looks like it Failed.
The second is a timed out/success (which one is it — time our or success — or is it a success that happened after a timeout value)
What are the numbers in the debug 2 line. What is a referral, restart, querysent, etc. Did this try the same query 11 times, 10 timed out and 1 responded? What are there referrals and restarts?
Any Bind experts that can help me understand what is going on here?
Best Answer
The BIND ARM is your friend whenever you're doing anything of complexity with BIND. In particular, this is documented in the section on logging. The interpretation should be that BIND followed 1 referral, tried 3 times to reach all known nameservers, sent 11 queries in the process, and timed out on 10 out of 11 queries.