Re: [dns-operations] Command Line BIND Query to Delegating Name Servers Gives FORMERR - Is this Bad for Normal DNS Operations by Public Resolvers?

Mon, 20 Sep 2021 07:21:47 -0700 

Hi Jason,

I think you already answered yourself in your blog post:
https://kevinlocke.name/bits/2017/01/20/formerr-from-microsoft-dns-server-for-dig/
> This behavior appears to violate “Any OPTION-CODE values not understood by a responder or requestor MUST be ignored.” from Section 6.1.2 of RFC 6891, but that is of small consolation for a non-working system. 

So yes, the authoritative server most likely has a bug.
How to approach the operation in question - that's a hard problem. You can either try various contacts you find, you can ask send name of the domain here and ask them to contact you off-list. For TLDs this method can work surprisingly well :-) 

Good luck.
Petr Špaček

On 20. 09. 21 15:37, Jason Hynds wrote:

Hi,

I hope that the following conforms to the content expected of this list.
I stumbled on some /name servers/ (a branch of a ccTLD, performing a public good service, as far as I know) which are giving a FORMat ERRor (FORMERR) to default /dig/ queries from the command line as described in the referenced webpage, see [1] below. The workaround of +nocookie described in the blog allows for a successful query response. /Nslookup/ queries work fine.
I should mention that I have no administrative authority of the name servers showing this condition. I'm just noticed the behaviour whilst checking on a DNS hosting migration for a client of the name servers exhibiting the behaviour. 


Would someone be able to advise me on:

 1. How bad it may be for an authoritative or delegating name server to
    be exhibiting this behaviour?
 2. Does this potentially cause a resolution outage, or would a BIND
    server adjust and re-query in order to obtain a usable result?
 3. Is the BIND server non-compliant, or the likely Microsoft DNS
    non-compliant, to an RFC?
 4. How would I explain such an issue to a name server operator who I do
    not know?
I appreciate any guidance provided. I apologies in advance if I violated any list policy. Thanks for any assistance. 


*REFERENCE*

    [1] FORMERR from Microsoft DNS Server for DIG. Posted January 20,
    2017 at 11:18 PM MST by Kevin Locke
    
<https://kevinlocke.name/bits/2017/01/20/formerr-from-microsoft-dns-server-for-dig
    
<https://kevinlocke.name/bits/2017/01/20/formerr-from-microsoft-dns-server-for-dig>>.


Regards,


Jason Hynds.


_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Reply via email to