Understanding cause of DNS format error (FORMERR)

Gabriele Paggi gabriele.pgi at gmail.com
Sun Jun 24 03:58:25 UTC 2012 

Hello Carsten,

Thanks for your reply!
> about the FORMERR. This might be caused by a Firewall or other
> middlebox that truncates the large answer containing the NS record set
> for this domain.
>
> I see the same if I try to fetch the delegation NS records from the
> parent domain (microsoft.com) for partners.extranet.microsoft.com:
That doesn't explain why I get a correct reply to my query if I use a 
Windows DNS or one of the Google DNS (what software do they run?) or my 
home ISP DNS (UPC, Netherlands).

stanislao:~ gpaggi$ dig A @62.179.104.196 
vlasext.partners.extranet.microsoft.com +short
70.42.230.20
stanislao:~ gpaggi$ dig A @8.8.8.8 
vlasext.partners.extranet.microsoft.com +short
70.42.230.20

I'm trying to understand if this behavior is specific to the BIND 
release that I'm running (should be the latest available on CentOS 5) 
and what's triggering it.
Increasing debug logging to 90 doesn't tell me what's wrong with the 
reply BIND gets from the Microsoft DNS.

> # dig @ns1.msft.net. partners.extranet.microsoft.com ns
[...]

> If some other members of this mailing list also see the same FORMERR
> (I'm seeing it over IPv4+IPv6), that is is very likely a firewall or
> middlebox on the Microsoft side.
I do get indeed a reply from my home connection:

stanislao:~ gpaggi$ dig @ns1.msft.net. partners.extranet.microsoft.com ns

; <<>> DiG 9.6-ESV-R4-P3 <<>> @ns1.msft.net. 
partners.extranet.microsoft.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37303
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN    NS

;; ANSWER SECTION:
partners.extranet.microsoft.com. 3600 IN NS    dns13.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS    dns11.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS    dns12.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS    dns10.one.microsoft.com.

;; ADDITIONAL SECTION:
dns13.one.microsoft.com. 3600    IN    A    65.55.31.17
dns11.one.microsoft.com. 3600    IN    A    94.245.124.49
dns12.one.microsoft.com. 3600    IN    A    207.46.55.10
dns10.one.microsoft.com. 3600    IN    A    131.107.125.65

;; Query time: 201 msec
;; SERVER: 65.55.37.62#53(65.55.37.62)
;; WHEN: Sun Jun 24 05:51:37 2012
;; MSG SIZE  rcvd: 197


Gabriele

PS. Carsten, apologizes for the double message.

More information about the bind-users mailing list