Today, a fax machine at the office started complaining that it couldn’t send emails. No useful error messages or anything…

After some digging it turns out the fax machine was getting SERVFAIL from the name server. This nameserver carries slaved zones for certain domains used for critical infrastructure, and it turns out there was a problem getting updates from upstream.

Unfortunately the error message was not very helpful:

Mar 11 11:16:04 ns3 named[4180]: transfer of 'fubra.it/IN' from 87.124.71.70#53: failed while receiving responses: CNAME and other data
Mar 11 11:16:04 ns3 named[4180]: transfer of 'fubra.it/IN' from 87.124.71.70#53: end of transfer

After a little digging I found a useful command installed by the bind package: named-checkzone

This command made it easy to see where the error came from. First I grabbed the zone using dig with the axfr option:

dig @ns1.fubra.com fubra.it axfr > /root/db.fubra.it

Next I used named-checkzone to parse the zone and reveal the problem:

named-checkzone -d fubra.it. /root/db.fubra.it

… which returned the following….

loading "fubra.it." from "/root/db.fubra.it" class "IN"
dns_master_load: /root/db.fubra.it:69: code.fubra.it: CNAME and other data
zone fubra.it/IN: loading master file /root/db.fubra.it: CNAME and other data

Looking at line 69 in the zone file revealed the problem – there was an Address and CNAME record for the same resource code.fubra.it. Two minutes later the problem was fixed.

Mark Sutton Chief Technology Officer

As CTO Mark defines the technical strategy for CatN, designs and builds our key IT assets and engages with the IT community to communicate the CatN vision. You can find Mark on Google+