SERVFAIL/FORMERR/EINVAL on AAAA query

Evaldas Auryla evaldas.auryla at pheur.org
Thu Jul 27 09:58:39 UTC 2006


Greetings,

Need an advice here, any idea what could be wrong with t_AAAA queries on 
these hosts ? :

emi.lancasterlabs.com.
smail.lancasterlabs.com.
mail.iss.it.

Using BIND v9.3.x, I get SERVFAIL:
==========
10:40:24 root at zaibas:~# rndc flush
10:40:29 root at zaibas:~# dig AAAA emi.lancasterlabs.com.

; <<>> DiG 9.3.2 <<>> AAAA emi.lancasterlabs.com.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62077
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;emi.lancasterlabs.com.         IN      AAAA

;; Query time: 1260 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 27 10:40:31 2006
;; MSG SIZE  rcvd: 39
==========

with further details revealing FORMERR in debug log:

==========
27-Jul-2006 09:55:37.552 resolver: resquery 0x83a1c00 (fctx 
0x8250a00(emi.lancasterlabs.com/AAAA)): response
27-Jul-2006 09:55:37.552 general: message has 3 byte(s) of trailing garbage
27-Jul-2006 09:55:37.552 resolver: received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  49309
;; flags: qr aa ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;emi.lancasterlabs.com.         IN      AAAA

;; AUTHORITY SECTION:
lancasterlabs.com.      86400   IN      SOA     lancasterlabs.com. 
administrator.lancasterlabs.com. 998545544 28800 7200 6
04800 86400


27-Jul-2006 09:55:37.552 resolver: fctx 
0x8250a00(emi.lancasterlabs.com/AAAA'): noanswer_response
27-Jul-2006 09:55:37.552 resolver: fctx 
0x8250a00(emi.lancasterlabs.com/AAAA'): cancelquery
27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000 response 0x852b300 
65.163.209.74#53: detaching from task 0x823d600
27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000: detach: refcount 6
27-Jul-2006 09:55:37.552 resolver: fctx 
0x8250a00(emi.lancasterlabs.com/AAAA'): add_bad
27-Jul-2006 09:55:37.552 lame-servers: FORMERR resolving 
'emi.lancasterlabs.com/AAAA/IN': 65.163.209.74#53
==========

Tried to trace the thing and FORMERR is returned from following part of 
noanswer_response() code:

===== resolver.c lines 4252-4272 =====
        /*
         * Did we find anything?
         */
        if (!negative_response && ns_name == NULL) {
                /*
                 * Nope.
                 */
                if (oqname != NULL) {
                        /*
                         * We've already got a partial CNAME/DNAME chain,
                         * and haven't found else anything useful here, but
                         * no error has occurred since we have an answer.
                         */
                        return (ISC_R_SUCCESS);
                } else {
                        /*
                         * The responder is insane.
                         */
                        return (DNS_R_FORMERR);
                }
        }
==========

The problem is that on FreeBSD boxes (starting with FreeBSD v5.3 and up, 
my guess is when BIND v9 resolver was integrated) sendmail now gets 
h_errno=EINVAL (errno=h_errno below) for these queries, so resolver 
option WorkAroundBrokenAAAA is not working anymore:

===== sendmail v8.13.6 daemon.c lines 2318-2326 =====
                        if (WorkAroundBrokenAAAA && family == AF_INET6 &&
                            errno == ETIMEDOUT)
                        {
                                /*
                                **  An attempt with family AF_INET may
                                **  succeed By skipping the next section
                                **  of code, we will try AF_INET before
                                **  failing.
==========

Regards,
Evaldas



More information about the bind-users mailing list