SERVFAIL/FORMERR/EINVAL on AAAA query
Mark Andrews
Mark_Andrews at isc.org
Thu Jul 27 10:58:30 UTC 2006
> Greetings,
>
> Need an advice here, any idea what could be wrong with t_AAAA queries on
> these hosts ? :
>
> emi.lancasterlabs.com.
> smail.lancasterlabs.com.
> mail.iss.it.
>
> Using BIND v9.3.x, I get SERVFAIL:
> ==========
> 10:40:24 root at zaibas:~# rndc flush
> 10:40:29 root at zaibas:~# dig AAAA emi.lancasterlabs.com.
>
> ; <<>> DiG 9.3.2 <<>> AAAA emi.lancasterlabs.com.
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62077
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;emi.lancasterlabs.com. IN AAAA
>
> ;; Query time: 1260 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jul 27 10:40:31 2006
> ;; MSG SIZE rcvd: 39
> ==========
>
> with further details revealing FORMERR in debug log:
>
> ==========
> 27-Jul-2006 09:55:37.552 resolver: resquery 0x83a1c00 (fctx
> 0x8250a00(emi.lancasterlabs.com/AAAA)): response
> 27-Jul-2006 09:55:37.552 general: message has 3 byte(s) of trailing garbage
> 27-Jul-2006 09:55:37.552 resolver: received packet:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49309
> ;; flags: qr aa ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;emi.lancasterlabs.com. IN AAAA
>
> ;; AUTHORITY SECTION:
lancasterlabs.com. 86400 IN SOA lancasterlabs.com.
> administrator.lancasterlabs.com. 998545544 28800 7200 6
> 04800 86400
>
>
> 27-Jul-2006 09:55:37.552 resolver: fctx
> 0x8250a00(emi.lancasterlabs.com/AAAA'): noanswer_response
> 27-Jul-2006 09:55:37.552 resolver: fctx
> 0x8250a00(emi.lancasterlabs.com/AAAA'): cancelquery
> 27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000 response 0x852b300
> 65.163.209.74#53: detaching from task 0x823d600
> 27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000: detach: refcount 6
> 27-Jul-2006 09:55:37.552 resolver: fctx
> 0x8250a00(emi.lancasterlabs.com/AAAA'): add_bad
> 27-Jul-2006 09:55:37.552 lame-servers: FORMERR resolving
> 'emi.lancasterlabs.com/AAAA/IN': 65.163.209.74#53
> ==========
>
> Tried to trace the thing and FORMERR is returned from following part of
> noanswer_response() code:
>
> ===== resolver.c lines 4252-4272 =====
> /*
> * Did we find anything?
> */
> if (!negative_response && ns_name == NULL) {
> /*
> * Nope.
> */
> if (oqname != NULL) {
> /*
> * We've already got a partial CNAME/DNAME chain,
> * and haven't found else anything useful here, but
> * no error has occurred since we have an answer.
> */
> return (ISC_R_SUCCESS);
> } else {
> /*
> * The responder is insane.
> */
> return (DNS_R_FORMERR);
> }
> }
> ==========
>
> The problem is that on FreeBSD boxes (starting with FreeBSD v5.3 and up,
> my guess is when BIND v9 resolver was integrated) sendmail now gets
> h_errno=EINVAL (errno=h_errno below) for these queries, so resolver
> option WorkAroundBrokenAAAA is not working anymore:
>
> ===== sendmail v8.13.6 daemon.c lines 2318-2326 =====
> if (WorkAroundBrokenAAAA && family == AF_INET6 &&
> errno == ETIMEDOUT)
> {
> /*
> ** An attempt with family AF_INET may
> ** succeed By skipping the next section
> ** of code, we will try AF_INET before
> ** failing.
> ==========
>
> Regards,
> Evaldas
Note the SOA record in the last response should be owned
by emi.lancasterlabs.com not lancasterlabs.com. Named
rejects answers which move back up heirachy.
Mark
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
;; Received 511 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 169 ms
lancasterlabs.com. 172800 IN NS ns1.everydns.net.
lancasterlabs.com. 172800 IN NS ns2.everydns.net.
lancasterlabs.com. 172800 IN NS ns3.everydns.net.
lancasterlabs.com. 172800 IN NS ns4.everydns.net.
;; Received 187 bytes from 192.48.79.30#53(J.GTLD-SERVERS.NET) in 322 ms
emi.lancasterlabs.com. 3600 IN NS linkproof-1.lancasterlabs.com.
emi.lancasterlabs.com. 3600 IN NS linkproof-2.lancasterlabs.com.
;; Received 123 bytes from 63.219.183.200#53(ns4.everydns.net) in 241 ms
lancasterlabs.com. 86400 IN SOA lancasterlabs.com. administrator
.lancasterlabs.com. 998545544 28800 7200 604800 86400
;; Received 143 bytes from 65.163.209.74#53(linkproof-1.lancasterlabs.com) in 25
3 ms
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list