I don't believe there is a delegation problem: ns1/ns2.isp.net - which hosts isp.net and customers dns1/dns2.isp.net - which hosts customers only
what do you think? Mark Andrews wrote: >> FORMERR is strange. Generally speaking, you should not be seeing FORMERR >> in queries between 2 different BIND instances. >> >> It's looking increasingly to me like a bad NAT/PAT device, mangling your >> packets. Maybe it doesn't understand EDNS0 (?) My next step would >> probably be to run a packet trace/capture, although, on the off-chance >> that it's EDNS0-related, you might try turning that off and see if it >> makes a difference. >> >> >> - Kevin >> > > Named logs FORMERR when it receives a unexpected SOA record > on a response. > > If you delegate to foo.example.net and the nameserver has > their own copy of example.net rather than foo.example.net > you will get a unexpected SOA records in the negative > response. > > Below is a example of such a bad delegation. The last SOA > record should be owned by www.lawlink.nsw.gov.au not > lawlink.nsw.gov.au. It results in SERVFAIL being returned. > > Mark > > > ; <<>> DiG 9.3.4-P1 <<>> aaaa www.lawlink.nsw.gov.au > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56606 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;www.lawlink.nsw.gov.au. IN AAAA > > ;; Query time: 63 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri Sep 5 12:01:30 2008 > ;; MSG SIZE rcvd: 40 > > ; <<>> DiG 9.3.4-P1 <<>> www.lawlink.nsw.gov.au aaaa +trace > ;; global options: printcmd > . 440024 IN NS h.root-servers.net. > . 440024 IN NS d.root-servers.net. > . 440024 IN NS g.root-servers.net. > . 440024 IN NS i.root-servers.net. > . 440024 IN NS b.root-servers.net. > . 440024 IN NS l.root-servers.net. > . 440024 IN NS m.root-servers.net. > . 440024 IN NS e.root-servers.net. > . 440024 IN NS f.root-servers.net. > . 440024 IN NS a.root-servers.net. > . 440024 IN NS j.root-servers.net. > . 440024 IN NS c.root-servers.net. > . 440024 IN NS k.root-servers.net. > ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms > > au. 172800 IN NS ns1.audns.net.au. > au. 172800 IN NS dns1.telstra.net. > au. 172800 IN NS sec1.apnic.net. > au. 172800 IN NS sec3.apnic.net. > au. 172800 IN NS adns1.berkeley.edu. > au. 172800 IN NS adns2.berkeley.edu. > au. 172800 IN NS audns.optus.net. > au. 172800 IN NS aunic.aunic.net. > ;; Received 430 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 244 > ms > > lawlink.nsw.gov.au. 3600 IN NS ns3.uecomm.net.au. > lawlink.nsw.gov.au. 3600 IN NS ns1.uecomm.net.au. > lawlink.nsw.gov.au. 3600 IN NS ns2.uecomm.net.au. > ;; Received 105 bytes from 58.65.255.73#53(ns1.audns.net.au) in 42 ms > > www.lawlink.nsw.gov.au. 3600 IN NS ns1.lawlink.nsw.gov.au. > www.lawlink.nsw.gov.au. 3600 IN NS ns2.lawlink.nsw.gov.au. > ;; Received 108 bytes from 203.94.128.54#53(ns1.uecomm.net.au) in 39 ms > > lawlink.nsw.gov.au. 86400 IN SOA lawlink.nsw.gov.au. > administrator.lawlink.nsw.gov.au. 998545544 28800 7200 604800 86400 > ;; Received 144 bytes from 203.3.186.53#53(ns1.lawlink.nsw.gov.au) in 32 ms > >
