LiveWire 25.1.0 New Features
Added More DHCP/DNS Expert Events to Omnipeek
The following DHCP/DNS Expert Events have been added to Omnipeek:
 
1. DHCP Slow Response Time
Description: Slow response time from a DHCP server to a DHCPDISCOVER or DHCPREQUEST message from a client.
 
Cause: May be caused by unusual network latency or by the DHCP server itself. The DHCP server may simply be overloaded. Depending on the DHCP server type and configuration, the server may be delayed by, for example, attempting to perform dynamic DNS updates on behalf of the DHCP client. DHCP servers can also be configured in a fallback scenario to intentionally delay their response to requests: the expectation is that, in normal operation, another DHCP server (configured without such a delay) should respond to clients.
 
Remedy: Determine where the delay is being introduced: on the wire due to latency or network issues from client to server or server to client, or at the DHCP server between the time a message is received and the time a response is sent. If the delay is on the wire, perform normal diagnostics of the network path. If it is at the DHCP server, check the load on the DHCP server. Review the logs of the DHCP server, correlate the inbound request and response, and look for unusual log messages between the two, possibly relating to dynamic DNS. Check the configuration of the DHCP server to see if a delayed response has been configured by intent or accident.
2. DNS Query Format Error
Description: A DNS server sent a Format Error (FORMERR) in response to a DNS request, indicating the request was malformed or not understood.
 
Cause: Format Errors can be caused by corruption or manipulation of requests in transit from DNS client to server. If Format Errors are consistently observed in response to queries from the same DNS client(s), the client(s) may be sending problematic requests to the DNS server: the requests may literally be malformed, or they may use a feature (e.g. EDNS) unsupported by the DNS server.
 
Remedy: Determine why the Format Errors are occurring. If the cause is a persistent network issue, address the source of corruption or manipulation. If specific client(s) are consistently receiving Format Errors, determine whether the issue is a misbehaving client or, for example, an outdated server that does not support DNS extensions required by those client(s).
3. DNS Server Failure
Description: A DNS server sent a Server Failure (SERVFAIL) error in response to a DNS request, indicating the server could not process the request.
 
Cause: The Server Failure error is a catch-all error returned when a DNS server is unable to respond to a request for any reason outside of the more specific standard errors such as FORMERR (query format error), NOTIMP (function not implemented), or REFUSED (request/access denied). Because of this, it's impossible to define a generic cause for a Server Failure error. That said, probably the most common cause of Server Failure errors is an inability of the DNS server to communicate with other DNS servers to retrieve information required to answer the query. For example, a Secondary DNS server may have been unable to receive a Zone Transfer from its Primary, a Recursive DNS server may be unable to route to the Internet, or a Forwarding DNS server may be unable to contact any of the configured forwarding targets.
 
Remedy: Check the connectivity of the DNS server returning Server Failure errors to ensure that it can reach all necessary upstream servers. Check the logs of the DNS server returning Server Failures to discover the specific reason why a Server Failure is being returned.
4. DNS Server Refused Query
Description: A DNS server sent a Refused (REFUSED) error in response to a DNS request, indicating the server refused to service the request.
 
Cause: The Refused error is returned when a DNS server is asked by a client to perform an operation that is disallowed by a configured policy. Common causes are denial due to explicit allow-query ACLs, recursive queries being sent to an authoritative-only server, requesting a full (AXFR) or incremental (IXFR) zone transfer without permission, or attempting to perform a dynamic DNS update without permission.
 
Remedy: Determine whether the request being Refused should or should not be allowed. If the operation should be allowed, modify the configuration of the DNS server to permit the operation. If the operation is being correctly denied, investigate the client(s) to determine why they attempted to perform a disallowed action.
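
The three DNS events above are all keyed on the RCODE field of a DNS response header (FORMERR = 1, SERVFAIL = 2, REFUSED = 5 per RFC 1035). The following is an added example, not Omnipeek's implementation: it classifies raw DNS-over-UDP payloads by RCODE and counts events per client, which is the grouping the Format Error remedy relies on. The function names, the tuple layout and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import Counter

# RCODE values from RFC 1035, mapped to the event names used on this page.
RCODE_EVENTS = {
    1: "DNS Query Format Error",    # FORMERR
    2: "DNS Server Failure",        # SERVFAIL
    5: "DNS Server Refused Query",  # REFUSED
}

def classify_dns_response(payload: bytes):
    """Return the event name for a DNS-over-UDP payload, or None."""
    if len(payload) < 12:           # shorter than a DNS header: ignore
        return None
    _txid, flags = struct.unpack("!HH", payload[:4])
    if not flags & 0x8000:          # QR bit clear: a query, not a response
        return None
    return RCODE_EVENTS.get(flags & 0x000F)   # low 4 bits hold the RCODE

def events_per_client(responses):
    """Count events keyed by (client, server, event).

    `responses` is an iterable of (client_ip, server_ip, payload) tuples,
    a hypothetical layout chosen for this example.
    """
    counts = Counter()
    for client, server, payload in responses:
        event = classify_dns_response(payload)
        if event:
            counts[(client, server, event)] += 1
    return counts

def header(txid, flags):
    """Build a constructed 12-byte DNS header (one question, no records)."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

# Constructed sample data using documentation address ranges, not a capture.
SAMPLE = [
    ("192.0.2.10", "198.51.100.53", header(0x1001, 0x8181)),  # FORMERR
    ("192.0.2.10", "198.51.100.53", header(0x1002, 0x8181)),  # FORMERR again
    ("192.0.2.11", "198.51.100.53", header(0x1003, 0x8182)),  # SERVFAIL
    ("192.0.2.12", "198.51.100.53", header(0x1004, 0x8105)),  # REFUSED
    ("192.0.2.12", "198.51.100.53", header(0x1005, 0x8180)),  # NOERROR
    ("192.0.2.12", "198.51.100.53", header(0x1006, 0x0100)),  # query, QR=0
]

if __name__ == "__main__":
    for (client, server, event), n in sorted(events_per_client(SAMPLE).items()):
        print(f"{client} <- {server}: {event} x{n}")
```

A client that accumulates repeated Format Errors from one server, as 192.0.2.10 does in the sample, is the case where the remedy says to compare that client's requests against the server's supported DNS extensions.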