Hi!
We are using an internal server in our network as DNS to be able to handle internal domain names. It is bind9 installed on a Debian system. It is a default configuration with just 5 zones added.
Everything works fine until the point when our primary internet connection fails. Our firewall then switches over to a secondary connection, but normally the computers in our network do not notice that switch (they just lose internet connectivity for some seconds and afterwards are online using a new external IP address).
For some reason, in such a case our internal name server causes trouble. It is not able to respond to most of the requests anymore, but when I do an nslookup I just get "SERVFAIL" back. Sometimes even for google.com etc. Some minutes later google.com may be working but several other domains do not work. I would say for 60-70% of the nslookups I get a SERVFAIL. The local domains are always working.
When I start nslookup on the server running bind9 and choose e.g. a.root-servers.net as the nslookup server, I get proper responses for ALL requests I send.
It would be nice if any of you had a hint for me as to which setting I could check!
Thanks,
Moritz