FORMERR during DNS queries

Eric Swenson eric at swenson.org
Tue May 5 14:44:34 UTC 2009


I'm seeing lots of DNS resolution failures on my router (running Ubuntu
8.10, bind 9.3.4).  While most succeed, I get quite a few FORMERR errors
similar to:
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 66.151.140.2#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.168.3.1#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.112.36.4#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 128.63.2.53#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.228.79.201#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.36.148.17#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 202.12.27.33#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.33.4.12#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.5.5.241#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.58.128.30#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 128.8.10.90#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 198.41.0.4#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.203.230.10#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 193.0.14.129#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 199.7.83.42#53

I'm running an iptables firewall on this box, which is connected to the
internet via a wireless access point on my roof with a link to my ISP.  As a
result of the above FORMERRs, clients on my LAN are unable to resolve
addresses -- in the above case, imap.gmail.com, and therefore are unable to
access mail.  Upon the recommendations of someone familiar with the relevant
technologies, I've updated my DNS (named.conf) to set the edns-udp-size 500
option.  This had no effect.

If I use dig to resolve imap.gmail.com manually, by specifying any of the
above-mentioned DNS servers, everything works fine.  In fact, I can usually
force my DNS server to begin resolving these addresses (e.g. imap.gmail.com)
for a LITTLE while, by manually using nslookup and querying first for the NS
record of gmail.com, and then for the A record of imap.gmail.com.  Once I
succeed in getting a resolution, the address record is cached, and my DNS
will resolve the hostname until the cache time is exceeded. And then I'm
back to no resolution and FORMERRs.

Can anyone suggest anything I can try?

Thanks much. -- Eric

PS: If this message appears twice on the list, I apologize.  I'm not seeing
my posts show up (although I'm seeing others' posts).
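
An added example, not part of the original post: a small Python parser for named FORMERR lines like those quoted above. It groups them by second and query and lists the distinct upstream servers that answered with FORMERR, and it also accepts the mail-wrapped form where the line breaks after the opening quote. The sample log is constructed (documentation addresses), and the function names and the `min_servers` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the log in the post, including the
# mail-wrapped form where the line breaks right after the opening quote.
SAMPLE = """\
May  4 20:25:25 localhost named[19579]: FORMERR resolving '
imap.gmail.com/A/IN': 192.0.2.1#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.0.2.2#53
May  4 20:25:25 localhost named[19579]: FORMERR resolving 'imap.gmail.com/A/IN': 192.0.2.2#53
May  4 20:25:26 localhost named[19579]: FORMERR resolving 'example.test/MX/IN': 198.51.100.7#53
May  4 20:25:27 localhost sshd[411]: unrelated line
"""

# syslog timestamp, host, named[pid], then 'name/type/class': server#port
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"FORMERR resolving '(?P<name>[^/']+)/(?P<type>[^/']+)/(?P<cls>[^/']+)':\s"
    r"(?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)\s*$"
)

def unwrap(text):
    """Rejoin entries that a mail client wrapped after the opening quote."""
    return re.sub(r"resolving '\s*\n\s*", "resolving '", text)

def summarize(text):
    """Map (timestamp, name, type) -> sorted list of distinct servers."""
    groups = defaultdict(set)
    for line in unwrap(text).splitlines():
        m = LINE.match(line)
        if m:  # non-FORMERR and non-named lines are skipped
            groups[(m["ts"], m["name"], m["type"])].add(m["server"])
    return {key: sorted(servers) for key, servers in groups.items()}

def bursts(text, min_servers=2):
    """Queries that drew FORMERR from at least min_servers servers in one second."""
    return [(k, s) for k, s in summarize(text).items() if len(s) >= min_servers]

if __name__ == "__main__":
    for (ts, name, qtype), servers in bursts(SAMPLE):
        print(f"{ts} {name}/{qtype}: FORMERR from {len(servers)} servers: {servers}")
```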