When a DNS lookup returns "server failed" in response to a query, this means that some DNS server queried sent back a response packet with code
Some possible causes of this problem are:
First check the zone's IP entry in the boot file, and make sure it really is the correct IP address for the master server.
Then try to ping the server to check connectivity. If the ping is successful, you need to look further.
nslookup and turn on
norecurse to track the path of the name servers down to the ultimate source of the
The source of the "server failed" error can be any of the name servers that the resolver is configured to query (typically, it originates in the local name server–see the logical
MULTINET_NAMESERVERS), any forwarders configured, any of the root name servers, or any name servers in the path of delegation from the root down to the official name servers for the zone in question.
nslookup to walk through all possible name servers until you locate the source of the problem.
Once you find the name server that is generating the SERVFAIL error, what can you do?
This section contains an example of how to track down the source of a "Server failed" error message on servfail.calvin.yoyodyne.com.
$ multinet nslookup servfail.calvin.yoyodyne.com. Server: HQ.TGV.COM Address: 220.127.116.11 *** HQ.TGV.COM can't find SERVFAIL.calvin.yoyodyne.com.: Server failed $
Just because HQ.TGV.COM reported SERVFAIL, that does not necessarily indicate the source of the "Server failed" message.
$ sho log multinet_nameservers ! get resolver's list of nameservers "MULTINET_NAMESERVERS" = "18.104.22.168" (LNM$SYSTEM_TABLE)
DOMAIN-NAME-SERVICE.CONFIGURATION) on your name server for any forwarders. Check all forwarders as well. In this example, name server 22.214.171.124 does not happen to have any forwarders.
nslookup. Turn on
norecurse. Walk down through the DNS. (You may have to double back.)
$ multinet nslookup Default Server: catbert.ABC.com Address: 126.96.36.199 > set norecurse > servfail.calvin.yoyodyne.com. Server: catbert.ABC.com Address: 188.8.131.52 Name: servfail.calvin.yoyodyne.com Served by: - treefrog.com 184.108.40.206, 220.127.116.11 yoyodyne.com - NS1.WESTNET.NET 18.104.22.168 yoyodyne.com - rip.psg.com 22.214.171.124 yoyodyne.com
In the example, the SERVFAIL is not coming straight from the local name server, 126.96.36.199. When
norecurse is on, the error does not occur.
> server treefrog.com. Default Server: treefrog.com Addresses: 188.8.131.52, 184.108.40.206 > servfail.calvin.yoyodyne.com. Server: treefrog.com Addresses: 220.127.116.11, 18.104.22.168 Name: servfail.calvin.yoyodyne.com Served by: - serv2.calvin.yoyodyne.com 22.214.171.124 servfail.calvin.yoyodyne.com - hobbes.aces.net 126.96.36.199 servfail.calvin.yoyodyne.com
The example shows how to go down the path of delegation. The problem may have come from any another name sever in the delegation path between the root and servfail.calvin.yoyodyne.com.
> server serv2.calvin.yoyodyne.com. Default Server: serv2.calvin.yoyodyne.com Address: 188.8.131.52 > servfail.calvin.yoyodyne.com. Server: serv2.calvin.yoyodyne.com Address: 184.108.40.206 *** serv2.calvin.yoyodyne.com can't find servfail.calvin.yoyodyne.com.: Server failed
This is it!
(If the "Server failed" error had not occured here, you would have had to keep trying by querying other servers.)
> server hobbes.aces.net. *** Can't find address for server hobbes.aces.net.: Non-authoritative answer
This answer occurs because
norecurse is on.
norecursetemporarily. In this example, use the IP address of hobbes.aces.net instead.
> server 220.127.116.11 Default Server: hobbes.ACES.NET Address: 18.104.22.168 > servfail.calvin.yoyodyne.com. Server: hobbes.ACES.NET Address: 22.214.171.124 hobbes.ACES.NET can't find servfail.calvin.yoyodyne.com.: No response from server
hobbes.aces.net isn't responding, and servfail.calvin.yoyodyne.com is returning SERVFAIL. Maybe serv2.calvin.yoyodyne.com is a secondary for the zone and has exipred it, or maybe serv2.calvin.yoyodyne.com has a bad root name server cache.
> server serv2.calvin.yoyodyne.com. Default Server: serv2.calvin.yoyodyne.com Address: 126.96.36.199 > set TYPE=any > . Server: serv2.calvin.yoyodyne.com Address: 188.8.131.52 Non-authoritative answer: (root) nameserver = F.ROOT-SERVERS.NET (root) nameserver = G.ROOT-SERVERS.NET (root) nameserver = A.ROOT-SERVERS.NET (root) nameserver = H.ROOT-SERVERS.NET (root) nameserver = B.ROOT-SERVERS.NET (root) nameserver = C.ROOT-SERVERS.NET (root) nameserver = D.ROOT-SERVERS.NET (root) nameserver = E.ROOT-SERVERS.NET (root) nameserver = I.ROOT-SERVERS.NET (root) origin = A.ROOT-SERVERS.NET mail addr = HOSTMASTER.INTERNIC.NET serial = 1995092000 refresh = 10800 (3 hours) retry = 900 (15 mins) expire = 604800 (7 days) minimum ttl = 86400 (1 days) Authoritative answers can be found from: (root) nameserver = F.ROOT-SERVERS.NET (root) nameserver = G.ROOT-SERVERS.NET (root) nameserver = A.ROOT-SERVERS.NET (root) nameserver = H.ROOT-SERVERS.NET (root) nameserver = B.ROOT-SERVERS.NET (root) nameserver = C.ROOT-SERVERS.NET (root) nameserver = D.ROOT-SERVERS.NET (root) nameserver = E.ROOT-SERVERS.NET (root) nameserver = I.ROOT-SERVERS.NET F.ROOT-SERVERS.NET internet address = 184.108.40.206 G.ROOT-SERVERS.NET internet address = 220.127.116.11 A.ROOT-SERVERS.NET internet address = 18.104.22.168 H.ROOT-SERVERS.NET internet address = 22.214.171.124 B.ROOT-SERVERS.NET internet address = 126.96.36.199 C.ROOT-SERVERS.NET internet address = 188.8.131.52 D.ROOT-SERVERS.NET internet address = 184.108.40.206 E.ROOT-SERVERS.NET internet address = 220.127.116.11 I.ROOT-SERVERS.NET internet address = 18.104.22.168
This looks fine. Otherwise, turn on
> rs.internic.net. Server: serv2.calvin.yoyodyne.com Address: 22.214.171.124 Authoritative answers can be found from: INTERNIC.NET nameserver = RS0.INTERNIC.NET INTERNIC.NET nameserver = ds0.INTERNIC.NET INTERNIC.NET nameserver = noc.cerf.NET RS0.INTERNIC.NET internet address = 126.96.36.199 ds0.INTERNIC.NET internet address = 188.8.131.52 noc.cerf.NET internet address = 184.108.40.206
This name server looks good, so now you can assume there's something wrong with the servfail.calvin.yoyodyne.com zone.
(In this example, you would need to look on serv2.calvin.yoyodyne.com to find out more.)