Hi,
I have a bind-9.18.7 system on fedora37 and having some strange errors
with some queries.
$ host info.apr.gov.rs <http://info.apr.gov.rs>
Host info.apr.gov.rs <http://info.apr.gov.rs> not found: 2(SERVFAIL)
in my bind logs I have the following:
16-May-2023 10:37:49.800 resolver: D
n my bind logs I have the following:
16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53
resolving ns1.apr.gov.rs/ for : server sent FORMERR
16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving '
ns1.apr.gov.rs//IN': 195.178.56.17#53
16-May-2023 1
not found: 2(SERVFAIL)
>
> in my bind logs I have the following:
> 16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53
> resolving ns1.apr.gov.rs/ for : server sent FORMERR
> 16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving '
> ns1.a
Hi,
I have a bind-9.18.7 system on fedora37 and having some strange errors with
some queries.
$ host info.apr.gov.rs
Host info.apr.gov.rs not found: 2(SERVFAIL)
in my bind logs I have the following:
16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53
resolving ns1
Mukund Sivaraman wrote:
>
> Mark pointed out on our internal bug ticket that RFC 2308 section 3
> requires "no data" replies from signed zones to have an SOA RR in the
> authority section.
Aha! Thanks for pointing that out :-)
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Biscay: Northerly or
Hi Tony, Yang
On Tue, Jul 28, 2015 at 10:41:49PM +0100, Tony Finch wrote:
> However the weirdness in the NSEC3 record is not what is upsetting BIND,
> and it might be a bug. A noerror response with just NSEC3 and RRSIG(NSEC3)
> in the authority section should (I think) be treated as a type 3 nodat
On Wed, Jul 29, 2015 at 08:13:38AM +0200, Matus UHLAR - fantomas wrote:
> On 29.07.15 03:06, Yang Yu wrote:
> >I configured bind to forward queries to 8.8.8.8
>
> do you have any reason to do this?
> BIND can resolve properly itself, it does not need to forward queries to
> anyone unless you are f
On 29.07.15 03:06, Yang Yu wrote:
I configured bind to forward queries to 8.8.8.8
do you have any reason to do this?
BIND can resolve properly itself, it does not need to forward queries to
anyone unless you are firewalled (in such case, do you really need BIND?)
without forwarding you apparent
Yang Yu wrote:
>
> the query error log can be replicated with "dig www.vip.icann.org ds"
> This sounds like a DNSSEC validation issue, but why would I get DNS
> format error in the log
This is weird and interesting.
The name servers for vip.icann.org are doing some ki
OR with +cd),
but 4.4.4.4 and 208.67.222.222 returns NOERROR
the query error log can be replicated with "dig www.vip.icann.org ds"
This sounds like a DNSSEC validation issue, but why would I get DNS
format error in the log
still not sure why the browser tried to get ds record for
www.vip.
5 12:10 PM
To: bind-users@lists.isc.org
Subject: DNS format error
I spotted DNS format error in bind 9.9.5 log
queries
28-Jul-2015 23:19:27.198 client client_IP #50270 (www.icann.org):
query: www.icann.org IN + (client_IP)
28-Jul-2015 23:19:29.872 client client_IP #46483 (www.icann.org):
I spotted DNS format error in bind 9.9.5 log
queries
28-Jul-2015 23:19:27.198 client client_IP #50270 (www.icann.org):
query: www.icann.org IN + (client_IP)
28-Jul-2015 23:19:29.872 client client_IP #46483 (www.icann.org):
query: www.icann.org IN A + (client_IP)
resolver
28-Jul-2015 23:19
Jim Pazarena wrote:
> I see in my logs "DNS format error from 205.178.190.53#53 resolving
> excelwetsuits.com/MX for client 207.34.147.83#54521: invalid response"
> The client is *my* mail server IP.
>
> I am wondering is this error on MY side or their's ?
Theirs
I see in my logs "DNS format error from 205.178.190.53#53 resolving
excelwetsuits.com/MX for client 207.34.147.83#54521: invalid response"
The client is *my* mail server IP.
I am wondering is this error on MY side or their's ? It doesn't sound
like it.
If it's on t
In article ,
Barry Margolin wrote:
> In article ,
> Sam Wilson wrote:
>
> > For a NXDOMAIN response, or NOERROR with an empty answer section, the
> > server should provide the SOA record in the authority section. That SOA
> > is the apex of the zone which doesn't contain the answer record
In article ,
Sam Wilson wrote:
> For a NXDOMAIN response, or NOERROR with an empty answer section, the
> server should provide the SOA record in the authority section. That SOA
> is the apex of the zone which doesn't contain the answer record you
> asked for, if you see what I mean. The ser
In article ,
Gabriele Paggi wrote:
> Hello Sam,
>
> > There's some kind of delegation bug as well. If I query
> > dns1[0-3].one.microsoft.com for SOA and NS for
> > partners.extranet.microsoft.com you get sensible answers though the
> > origin host is different for each server queried and thos
Hello Sam,
> There's some kind of delegation bug as well. If I query
> dns1[0-3].one.microsoft.com for SOA and NS for
> partners.extranet.microsoft.com you get sensible answers though the
> origin host is different for each server queried and those origins are
> privately addressed.
Which kind o
In article ,
Tony Finch wrote:
> It looks to me like this is an EDNS bug. ...
There's some kind of delegation bug as well. If I query
dns1[0-3].one.microsoft.com for SOA and NS for
partners.extranet.microsoft.com you get sensible answers though the
origin host is different for each server q
Carsten Strotmann (private) wrote:
>
> The FORMERR I'm seeing is also quite odd, as it has the "AD" flag set,
> which should normally not appear in an error type of response, but
> might be caused by a mangled DNS packet:
I think it is echoing the AD bit in the query.
; <<>> DiG 9.9.1-P1 <<>> +
It looks to me like this is an EDNS bug. I am querying the authoritative
server directly, with no firewalls in the way. The FORMERR is coming from
the authoritative server not from BIND. I get the same result over IPv4
and IPv6.
They also have a bug in their NXDOMAIN logic: extranet.microsoft.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
On 6/24/12 10:07 AM, Carsten Strotmann (private) wrote:
> It might even be a new Windows 2012 DNS server, and it might be an
> issue with this new version. This is just speculation, but if it is
> an issue with Windows 2012 DNS, it might be g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Jeffry,
On 6/22/12 1:25 PM, Spain, Dr. Jeffry A. wrote:
> From what I observed I would conclude that dns11.one.microsoft.com
> is a Windows DNS server since it behaves like mine except for the
> AA flag not being set in theirs.
It might even be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/24/12 5:57 AM, Gabriele Paggi wrote:
> Hello Carsten,
>
> Thanks for your reply!
>> about the FORMERR. This might be caused by a Firewall or other
>> middlebox that truncates the large answer containing the NS
>> record set for
Hello Jeffry,
FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver. On this system "dig @localhost vlasext.partners.extranet.microsoft.com a" returns the answer 70.42.230.20 and identifies dns11.one.microsoft.com (94.245.124.49) as one of four authoritative servers. "dig @
Hello Carsten,
At Men& Mice I've investigated this issue a few weeks ago for one of
our customers. At that point of time, we've seen NS records with
private addresses:
That's interesting but it still doesn't explain why BIND reports a
format error in the reply it receives.
The reply is nonsens
Hello Carsten,
Thanks for your reply!
about the FORMERR. This might be caused by a Firewall or other
middlebox that truncates the large answer containing the NS record set
for this domain.
I see the same if I try to fetch the delegation NS records from the
parent domain (microsoft.com) for part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/22/12 11:22 AM, Gabriele Paggi wrote:
> I'm a BIND novice and I'm trying to understand what causes my
> BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried
> for the A record of vlasext.partners.extranet.microsoft
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/22/12 11:22 AM, Gabriele Paggi wrote:
> I'm a BIND novice and I'm trying to understand what causes my
> BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried
> for the A record of vlasext.partners.extranet.microsoft.
> I'm a BIND novice and I'm trying to understand what causes my BIND9 resolver
> (bind97-9.7.0-10.P2) to return an error when queried for the A record of
> vlasext.partners.extranet.microsoft.com:
FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver.
On this system "dig
Hello,
I'm a BIND novice and I'm trying to understand what causes my BIND9
resolver (bind97-9.7.0-10.P2) to return an error when queried for the
A record of vlasext.partners.extranet.microsoft.com:
Jun 22 11:14:47 res1 named[32210]: DNS format error from
94.245.124.49#53
ess.com. 3600 IN NS ns14b.newegg.com.
> www.neweggbusiness.com. 3600 IN NS ns13b.newegg.com.
>
> The website uses links with both these names, and much of it doesn't work when
> using our bind server for recursive queries - the A rec for "www.neweggbusine
> ss.com&quo
s13b.newegg.com.
The website uses links with both these names, and much of it doesn't work when
using our bind server for recursive queries - the A rec for
"www.neweggbusiness.com" does not resolve using my bind9 server (DNS format
error), but does return if I query the NS f
In message <50f2fa04b0ce44d496491214ac8eb...@internal.corp.ds>, "ic.nssip" writ
es:
> Hello everyone,
>
> I hope somebody can tell me why I'm getting so many "DNS format error" =
> on a DNS Server running BIND 9.7.0 on a Solaris 10 machine.
> T
On Tue, Apr 27, 2010 at 07:40:20PM -0600, ic.nssip wrote:
> I hope somebody can tell me why I'm getting so many "DNS format
> error" on a DNS Server running BIND 9.7.0 on a Solaris 10 machine.
> The server is resolving fine queries for normal traffic. Is just
>
Hello everyone,
I hope somebody can tell me why I'm getting so many "DNS format error" on a DNS
Server running BIND 9.7.0 on a Solaris 10 machine.
The server is resolving fine queries for normal traffic. Is just syslog that
gets tones of messages like the ones in the next cap
On Thu, 18 Mar 2010, Jeff A. Earickson wrote:
Hi,
I just upgraded bind on my mail server from 9.6.2 to 9.7.0-P1,
and now I'm getting a flood of these in my syslog:
DNS format error from 218.10.19.172#53 resolving hisfield.ru/NS for client
137.146.28.72#22500: invalid response
with va
Hi,
I just upgraded bind on my mail server from 9.6.2 to 9.7.0-P1,
and now I'm getting a flood of these in my syslog:
DNS format error from 218.10.19.172#53 resolving hisfield.ru/NS
for client 137.146.28.72#22500: invalid response
with various IP's and record types. Most of thes
38 matches
Mail list logo