NEED HELP

Mark Andrews Mark_Andrews at isc.org
Thu Dec 1 13:03:01 UTC 2005 

	Get the packet sniffer out and examine the packets.  This
	really looks to me like your requests are getting corrupted
	and the remote nameservers are informing you by returning
	FORMERR.

	FORMERR is logged when a plain DNS (non EDNS) packer is
	received with a rcode of FORMERR.

	You may also want access to a packet sniffer on the other
	end of the satellite link.

	Mark

> System Mandriva 2005 LE with bind-9.3.1 and caching-nameserver-9.2 , with 4
> interfaces serving about 250 windows workstations. After 4 months working nic
> e
> as all my other 20 server, 2 weeks ago it start to give a messages below for
> almost all query :
> 
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 213.86.51.129#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 209.173.53.162#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 199.7.77.126#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 209.173.57.162#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 209.173.60.65#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving 'imtoey.3-a.net/A/IN':
> 66.34.135.28#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 199.7.64.126#53
Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 209.173.58.65#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving 'imtoey.3-a.net/A/IN':
> 204.16.170.10#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving
> 'symantec.loves.the.cock.pheer.biz/A/IN': 209.173.58.66#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving 'imtoey.3-a.net/A/IN':
> 204.16.170.11#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving 'imtoey.3-a.net/A/IN':
> 68.15.19.50#53
> Dec  1 07:12:24 urucu named[29525]: FORMERR resolving 'imtoey.3-a.net/A/IN':
> 213.198.89.85#53
>  
> 
> and much more worst it begin to resolve names to 0.0.0.0 like below :
> 
> 
> ; <<>> DiG 9.3.1 <<>> @localhost www.i24horas.com.br
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24943
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6
> 
> ;; QUESTION SECTION:
> ;www.i24horas.com.br. IN A
> 
> ;; ANSWER SECTION:
> www.i24horas.com.br. 22 IN A 0.0.0.0

> ;; AUTHORITY SECTION:
> com.br. 155254 IN NS c.dns.br.
> com.br. 155254 IN NS d.dns.br.
> com.br. 155254 IN NS e.dns.br.
> com.br. 155254 IN NS a.dns.br.
> com.br. 155254 IN NS b.dns.br.
> 
> ;; ADDITIONAL SECTION:
> a.dns.br. 155313 IN A 200.160.0.10
> a.dns.br. 167713 IN AAAA 2001:12ff::10
> b.dns.br. 153880 IN A 200.209.30.5
> c.dns.br. 153880 IN A 200.130.31.5
> d.dns.br. 153880 IN A 204.152.184.70
> e.dns.br. 153880 IN A 139.91.1.20
> 
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Nov 14 18:03:25 2005
> ;; 
> 
> 
> 
> 
> or like
> 
> 
> [root at urucu ~]# nslookup
> > server
> Default server: 200.196.66.29
> Address: 200.196.66.29#53
> Default server: 200.196.66.30
> Address: 200.196.66.30#53
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
> > server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
> > ohmygod.not.br
> Server: 127.0.0.1
> Address: 127.0.0.1#53
> 
> ** server can't find ohmygod.not.br: NXDOMAIN
> > xxx.argo.com.br
> Server: 127.0.0.1
> Address: 127.0.0.1#53
> 
> ** server can't find xxx.argo.com.br: SERVFAIL
> 
> > www.embratel.net
> Server: 127.0.0.1
> Address: 127.0.0.1#53
> 
> ** server can't find www.embratel.net: NXDOMAIN
> > www.embratel.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
> 
> Non-authoritative answer:
> Name: www.embratel.com
> Address: 0.0.0.0
> 
> 
> 
> I tried to reinstall bind. I tried to work only with eth0 witch is the one
> connect to internet. The internet link is via satellite fro Hugues ISP.
> 
> How can named resolve named to 0.0.0.0 , some day it resolve named to
> diferents address. 
> 
> I am very confusing, need some help.
> 
> Thanks
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list