RE: Understanding cause of DNS format error (FORMERR)

Fri, 22 Jun 2012 04:26:27 -0700 

> I'm a BIND novice and I'm trying to understand what causes my BIND9 resolver 
> (bind97-9.7.0-10.P2) to return an error when queried for the A record of 
> vlasext.partners.extranet.microsoft.com:

FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver. 
On this system "dig @localhost vlasext.partners.extranet.microsoft.com a" 
returns the answer 70.42.230.20 and identifies dns11.one.microsoft.com 
(94.245.124.49) as one of four authoritative servers. "dig @94.245.124.49 
vlasext.partners.extranet.microsoft.com a" also returns the answer 
70.42.230.20, but no authority or additional records (except EDNS UDP 4000), 
and with no AA flag set. On the contrary querying one of my own authoritative 
servers, also running BIND 9.9.1-P1, for a record for which it is authoritative 
("dig @ns2.countryday.net countryday.net a") does return the answer along with 
authority and additional records for the name servers and does have the AA flag 
set. Finally querying one of my internal Microsoft DNS servers (Windows Server 
2008 R2 SP1) for a record for which it is authoritative gives me a correct 
answer, no authority or additional records (except EDNS UDP 4000), but does ha
 ve the AA flag set.

> Is it related to the "AA bit strictness"[1] ? 94.245.124.49 is 
> dns11.one.microsoft.com and does indeed reply without setting the AA bit.
> As far as know the 'strictness' was removed in P2, correct me if I'm wrong.

I don't know enough about the history of BIND functionality to answer this. I'm 
sure others will comment.

>From what I observed I would conclude that dns11.one.microsoft.com is a 
>Windows DNS server since it behaves like mine except for the AA flag not being 
>set in theirs. The missing AA flag and lack of authority and additional 
>records in their response seems like improper behavior to me, but I don't know 
>whether or not the DNS protocol actually requires this. Apparently BIND 
>9.9.1-P1 is able to handle this situation.

Hope this is at least somewhat helpful. Jeff.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to