7 Led
2026
7 Led
'26
17:16
On 07/01/2026 16.01, Paweł Małachowski via knot-resolver-users wrote:
There is a domain delegated to 4 NS-es.
If I block network connectivity with auth NS 1, kresd sometimes returns and caches
SERVFAIL without trying secondary NS-es 2-4.
First of all note that these are 4 NS records, but apparently all of
them together they only have 2 IPv4 addresses. So you really blocked
2/4 nameservers. (also at the start it takes some time to discover that
IPv6 doesn't work at all in your case and which NSs have which IPv4s)
Still, the part of log which you sent shows a bit weird behavior.
Normally it wouldn't even give after two attempts already, and the log
doesn't show what got wrong. (no timeout even logged in there, nothing)
--Vladimir