Understanding cause of DNS format error (FORMERR)
Tony Finch
dot at dotat.at
Mon Jun 25 11:54:29 UTC 2012
It looks to me like this is an EDNS bug. I am querying the authoritative
server directly, with no firewalls in the way. The FORMERR is coming from
the authoritative server not from BIND. I get the same result over IPv4
and IPv6.
They also have a bug in their NXDOMAIN logic: extranet.microsoft.com
does not exist therefore partners.extranet.microsoft.com cannot exist.
; <<>> DiG 9.9.1-P1 <<>> +noedns @ns1.msft.net. partners.extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9931
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN NS
;; ANSWER SECTION:
partners.extranet.microsoft.com. 3600 IN NS dns12.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS dns10.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS dns13.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS dns11.one.microsoft.com.
;; ADDITIONAL SECTION:
dns12.one.microsoft.com. 3600 IN A 207.46.55.10
dns10.one.microsoft.com. 3600 IN A 131.107.125.65
dns13.one.microsoft.com. 3600 IN A 65.55.31.17
dns11.one.microsoft.com. 3600 IN A 94.245.124.49
;; Query time: 159 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:38:51 2012
;; MSG SIZE rcvd: 197
; <<>> DiG 9.9.1-P1 <<>> +edns=0 @ns1.msft.net. partners.extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 20875
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN NS
;; Query time: 142 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:38:57 2012
;; MSG SIZE rcvd: 60
; <<>> DiG 9.9.1-P1 <<>> +noedns @ns1.msft.net extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 141
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;extranet.microsoft.com. IN NS
;; AUTHORITY SECTION:
microsoft.com. 3600 IN SOA ns1.msft.net.
msnhst.microsoft.com. 2012062205 300 600 2419200 3600
;; Query time: 142 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:44:44 2012
;; MSG SIZE rcvd: 95
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Sole, Lundy, Fastnet: Southeast at first in Lundy and Fastnet, otherwise
southwest, 4 or 5. Slight or moderate, occasionally rough in west Sole.
Occasional rain or drizzle, fog patches. Moderate, occasionally very poor.
More information about the bind-users
mailing list