Try a dig +trace.
- Kevin
ListAcc wrote:
> I don't believe there is a delegation problem:
>
> ns1/ns2.isp.net - which hosts isp.net and customers
> dns1/dns2.isp.net - which hosts customers only
>
> what do you think?
>
> Mark Andrews wrote:
>
>>> FORMERR is strange. Generally speaking, you should not be seeing FORMERR
>>> in queries between 2 different BIND instances.
>>>
>>> It's looking increasingly to me like a bad NAT/PAT device, mangling your
>>> packets. Maybe it doesn't understand EDNS0 (?) My next step would
>>> probably be to run a packet trace/capture, although, on the off-chance
>>> that it's EDNS0-related, you might try turning that off and see if it
>>> makes a difference.
>>>
>>>
>>> - Kevin
>>>
>>>
>> Named logs FORMERR when it receives a unexpected SOA record
>> on a response.
>>
>> If you delegate to foo.example.net and the nameserver has
>> their own copy of example.net rather than foo.example.net
>> you will get a unexpected SOA records in the negative
>> response.
>>
>> Below is a example of such a bad delegation. The last SOA
>> record should be owned by www.lawlink.nsw.gov.au not
>> lawlink.nsw.gov.au. It results in SERVFAIL being returned.
>>
>> Mark
>>
>>
>> ; <<>> DiG 9.3.4-P1 <<>> aaaa www.lawlink.nsw.gov.au
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56606
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.lawlink.nsw.gov.au. IN AAAA
>>
>> ;; Query time: 63 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri Sep 5 12:01:30 2008
>> ;; MSG SIZE rcvd: 40
>>
>> ; <<>> DiG 9.3.4-P1 <<>> www.lawlink.nsw.gov.au aaaa +trace
>> ;; global options: printcmd
>> . 440024 IN NS h.root-servers.net.
>> . 440024 IN NS d.root-servers.net.
>> . 440024 IN NS g.root-servers.net.
>> . 440024 IN NS i.root-servers.net.
>> . 440024 IN NS b.root-servers.net.
>> . 440024 IN NS l.root-servers.net.
>> . 440024 IN NS m.root-servers.net.
>> . 440024 IN NS e.root-servers.net.
>> . 440024 IN NS f.root-servers.net.
>> . 440024 IN NS a.root-servers.net.
>> . 440024 IN NS j.root-servers.net.
>> . 440024 IN NS c.root-servers.net.
>> . 440024 IN NS k.root-servers.net.
>> ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>>
>> au. 172800 IN NS ns1.audns.net.au.
>> au. 172800 IN NS dns1.telstra.net.
>> au. 172800 IN NS sec1.apnic.net.
>> au. 172800 IN NS sec3.apnic.net.
>> au. 172800 IN NS adns1.berkeley.edu.
>> au. 172800 IN NS adns2.berkeley.edu.
>> au. 172800 IN NS audns.optus.net.
>> au. 172800 IN NS aunic.aunic.net.
>> ;; Received 430 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in
>> 244 ms
>>
>> lawlink.nsw.gov.au. 3600 IN NS ns3.uecomm.net.au.
>> lawlink.nsw.gov.au. 3600 IN NS ns1.uecomm.net.au.
>> lawlink.nsw.gov.au. 3600 IN NS ns2.uecomm.net.au.
>> ;; Received 105 bytes from 58.65.255.73#53(ns1.audns.net.au) in 42 ms
>>
>> www.lawlink.nsw.gov.au. 3600 IN NS ns1.lawlink.nsw.gov.au.
>> www.lawlink.nsw.gov.au. 3600 IN NS ns2.lawlink.nsw.gov.au.
>> ;; Received 108 bytes from 203.94.128.54#53(ns1.uecomm.net.au) in 39 ms
>>
>> lawlink.nsw.gov.au. 86400 IN SOA lawlink.nsw.gov.au.
>> administrator.lawlink.nsw.gov.au. 998545544 28800 7200 604800 86400
>> ;; Received 144 bytes from 203.3.186.53#53(ns1.lawlink.nsw.gov.au) in 32 ms
>>
>>
>>
>
>
>
>
>
