elceef / dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
https://dnstwist.it
Apache License 2.0

servfail on certain field #154

Closed onepaanplus closed 1 year ago

onepaanplus commented 2 years ago


How can I prevent getting this !ServFail every time?

elceef commented 2 years ago

This indicates that there was an error communicating with the DNS server and the lookup failed. Sometimes it can be "fixed" by selecting a different DNS resolver - try --nameserver 1.1.1.1.

elceef commented 2 years ago

I would also like to clarify that even though ServFail occurred, it still indicates that the domain is registered. It is just that particular DNS records can't be resolved due to a misconfigured zone, network failure, etc.

driehuis commented 1 year ago

I have seen a number of instances where !ServFail is returned for unregistered domains, resulting in false positives that come and go between runs.

I'm not sure what underlying issue causes those fails, I cannot reproduce them at will. It may well be that something along the way is rate limiting NXDomain or SERV_FAIL responses. In some cases, like the example given above, both nameservers for a fuzzed name are in the same network, so it may also depend on the weather on the Internet.

The problem seems to have become less frequent after adding a fallback DNS server (8.8.4.4 in addition to 8.8.8.8), but the behavior is so inconsistent that it may as well be that I was lucky over the last couple of days.

I'm considering adding retries with exponential backoff to work around the issue. It's not a general solution, for a number of reasons, but I really would like to get rid of the false positives.

elceef commented 1 year ago

I recommend setting DNS resolvers from more than one provider (for example 8.8.8.8,1.1.1.1). You might also consider manually increasing dnstwist.REQUEST_TIMEOUT_DNS. Keep in mind it won't fix a broken DNS zone/server though.
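The two workarounds discussed in this thread, retrying SERVFAIL with exponential backoff (driehuis) and spreading queries over resolvers from more than one provider (elceef), combined in one lookup routine. This is an added example written for this page, not dnstwist's own code, and none of its names (resolve_with_backoff, classify, the status labels) are dnstwist identifiers. It keeps NXDOMAIN ("the name does not exist") apart from SERVFAIL/timeout ("the resolver could not answer") so that, after retries are exhausted, a transient failure is reported as "unknown" rather than as a hit. The query function is injected: dnspython_query does a real lookup and assumes dnspython is installed, while ScriptedQuery is a constructed offline stand-in used by the demo; the fuzzed name "exampel.com" and the scripted answers are made up for illustration. The timeout parameter plays the role the thread assigns to dnstwist.REQUEST_TIMEOUT_DNS; its default here is arbitrary.

```python
"""Retry DNS lookups across resolvers from more than one provider, backing
off exponentially on SERVFAIL/timeouts, and keep "the name does not exist"
(NXDOMAIN) separate from "the resolver could not answer" (SERVFAIL).
Added example for this thread, not dnstwist's own code."""
import random
import time
from typing import Callable, List, Sequence, Tuple

# Query outcomes (labels chosen for this example, not dnstwist's).
OK = "ok"              # records returned
NXDOMAIN = "nxdomain"  # authoritative "no such name": not registered
NODATA = "nodata"      # name exists, but no records of the requested type
SERVFAIL = "servfail"  # resolver failed; says nothing about registration
TIMEOUT = "timeout"    # no reply within the timeout
TRANSIENT = {SERVFAIL, TIMEOUT}

# A query function takes (name, rrtype, nameserver, timeout) and returns
# (status, records).  Injecting it lets the retry logic run offline.
QueryFn = Callable[[str, str, str, float], Tuple[str, List[str]]]


def resolve_with_backoff(name: str, rrtype: str, nameservers: Sequence[str],
                         query: QueryFn, retries: int = 3, base_delay: float = 0.25,
                         max_delay: float = 2.0, timeout: float = 2.5,
                         sleep: Callable[[float], None] = time.sleep,
                         rng: Callable[[], float] = random.random):
    """Try every nameserver in turn; only SERVFAIL/TIMEOUT trigger a retry.

    Each retry starts at the next nameserver so one provider's outage does
    not dominate, and sleeps base_delay * 2**attempt (capped at max_delay)
    scaled by full jitter.  Returns (status, records, attempts), where
    attempts lists (nameserver, status) in query order."""
    attempts = []
    delay = base_delay
    for attempt in range(retries + 1):
        start = attempt % len(nameservers)
        for ns in list(nameservers[start:]) + list(nameservers[:start]):
            status, records = query(name, rrtype, ns, timeout)
            attempts.append((ns, status))
            if status not in TRANSIENT:
                return status, records, attempts
        if attempt < retries:
            sleep(delay * rng())
            delay = min(delay * 2, max_delay)
    # Every resolver failed on every attempt: report the last transient
    # status rather than pretending to know whether the name exists.
    return attempts[-1][1], [], attempts


def classify(status: str) -> str:
    """Map a final lookup status to what it says about registration."""
    if status == NXDOMAIN:
        return "unregistered"
    if status in (OK, NODATA):
        return "registered"   # NODATA: the zone exists even if this type is empty
    return "unknown"          # retries exhausted: neither a hit nor a miss


def dnspython_query(name, rrtype, nameserver, timeout):
    """Real query via dnspython (assumption: it is installed; imported lazily)."""
    import dns.exception
    import dns.resolver
    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [nameserver]
    r.lifetime = timeout
    try:
        return OK, [rd.to_text() for rd in r.resolve(name, rrtype)]
    except dns.resolver.NXDOMAIN:
        return NXDOMAIN, []
    except dns.resolver.NoAnswer:
        return NODATA, []
    except dns.resolver.NoNameservers:   # server answered SERVFAIL/REFUSED
        return SERVFAIL, []
    except dns.exception.Timeout:
        return TIMEOUT, []


class ScriptedQuery:
    """Constructed offline stand-in: each nameserver answers from its own
    scripted list and repeats its last entry once the list is used up."""
    def __init__(self, script):
        self.script = {ns: list(answers) for ns, answers in script.items()}
        self.calls = []

    def __call__(self, name, rrtype, nameserver, timeout):
        self.calls.append(nameserver)
        answers = self.script[nameserver]
        return answers.pop(0) if len(answers) > 1 else answers[0]


def demo():
    """Flaky scenario (constructed): both resolvers SERVFAIL once, then
    1.1.1.1 answers NXDOMAIN on the retry, so the name is reported unregistered."""
    flaky = ScriptedQuery({
        "8.8.8.8": [(SERVFAIL, []), (SERVFAIL, [])],
        "1.1.1.1": [(SERVFAIL, []), (NXDOMAIN, [])],
    })
    status, _, attempts = resolve_with_backoff(
        "exampel.com", "NS", ["8.8.8.8", "1.1.1.1"], flaky, sleep=lambda s: None)
    return status, attempts


if __name__ == "__main__":
    status, attempts = demo()
    print(status, classify(status), attempts)
```

To use it against real resolvers, pass dnspython_query as the query argument with a list such as ["8.8.8.8", "1.1.1.1"]; querying NS for the fuzzed name is the natural first check, since a zone that exists will have NS records even when A or MX lookups hit the broken-zone case elceef describes. The backoff bounds the cost of a resolver that keeps failing: with the defaults, four attempts over two resolvers add at most about 2.75 seconds of sleep per name.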