Hi Blažej,

can you trace the query using this feature? https://knot-resolver.readthedocs.io/en/stable/modules-http-trace.html#using-http-module

This will provide extremely detailed information on why Knot resolver responds with SERVFAIL.

Best regards

Robert

On Mon, Sep 19, 2022 at 1:25 PM Blažej Krajňák <blazej.krajnak@gmail.com> wrote:

Hello everyone,

at AS50242 we experience problem with resolving connectivity.samsung.com.cn
We run two servers, each with 4 instances. Both servers have working
dual-stack (v4/v6).

knot-dnsutils/unknown,now 3.1.1-cznic.1 amd64 [installed]
knot-resolver-module-http/unknown,now 5.5.0-cznic.1 all [installed,automatic]
knot-resolver-release/unknown,now 1.9-1 all [installed]
knot-resolver/unknown,now 5.5.0-cznic.1 amd64 [installed]

Dnsviz shows problem reaching few IPv6 servers of .cn TLD via UDP. I
can not understand, why both of our servers response with SERVFAIL.

Any ideas how to troubleshoot more?

Thank you,
Blažej
--

Robert Šefr

CTO

robert.sefr@whalebone.io

+420608737930

www.whalebone.io

Whalebone, s.r.o.

Jezuitská 14/13, 602 00 Brno

Czech Republic