Dig ANY gives SERVFAIL / FORMERR
ipaq3870 at gmail.com
Wed Sep 23 18:53:56 UTC 2009
I operate a caching name server, version 9.5.0-P1, for a small work
group that includes an email server. From the server log file, there
are occasional DNS error messages.
Upon closer examination using a packet sniffer, the email server sends
out queries of type ANY for all sender/recipient domain names. There
are just some domains which cause errors, for example, youbei.cc
(which is not under our control).
I tried dig any youbei.cc and it returns the following error:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64259
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
With heavy tracing turned on and rndc flush before executing the
command, it gave the following log entries that I excerpted below:
24-Sep-2009 02:07:35.878 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28529
;; flags: qr aa ; QUESTION: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;youbei.cc. IN A
;; ANSWER SECTION:
youbei.cc. 86400 IN SOA ns1.72dns.com. admin.youbei.cc. 100 3600 900 86400 3600
youbei.cc. 3600 IN NS ns1.72dns.com.
youbei.cc. 3600 IN NS ns2.72dns.com.
youbei.cc. 3600 IN MX 10 mail.youbei.cc.
youbei.cc. 3600 IN A 22.214.171.124
;; ADDITIONAL SECTION:
ns1.72dns.com. 3600 IN A 126.96.36.199
ns2.72dns.com. 3600 IN A 188.8.131.52
mail.youbei.cc. 3600 IN A 184.108.40.206
24-Sep-2009 02:07:35.879 fctx d18160(youbei.cc/ANY'): cancelquery
24-Sep-2009 02:07:35.879 sockmgr dbea0: watcher got message -2 for socket -1
24-Sep-2009 02:07:35.880 dispatch 160dc88 response 160ce28 220.127.116.11#53: detaching from task ca310
24-Sep-2009 02:07:35.880 dispatch 160dc88: detach: refcount 0
24-Sep-2009 02:07:35.880 fctx d18160(youbei.cc/ANY'): add_bad
24-Sep-2009 02:07:35.881 dispatch 160dc88: got packet: requests 0, buffers 1, recvs 1
24-Sep-2009 02:07:35.881 FORMERR resolving 'youbei.cc/ANY/IN': 18.104.22.168#53
24-Sep-2009 02:07:35.881 fctx d18160(youbei.cc/ANY'): try
24-Sep-2009 02:07:35.882 fctx d18160(youbei.cc/ANY'): query
It looks like the authoritative name server for youbei.cc
actually did return some answers, but somehow bind gave a FORMERR for
some unknown reason, which I think in turn caused a SERVFAIL to be
reported. Interestingly, dig any youbei.cc +trace ran
successfully and did not report any error.
Does anyone know what might have caused this problem?
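
Added example, not part of the original post: in the excerpt above the received packet echoes the question `youbei.cc. IN A` while the fetch context is `youbei.cc/ANY`. Assuming that mismatch is what the resolver rejects as FORMERR, this Python check (the function name `find_question_mismatches` and the regexes are illustrative) scans trace output for received packets whose echoed question differs from the fetch that handles them.

```python
import re

# Log lines excerpted from the post above (trimmed to what the check needs).
SAMPLE_LOG = """\
24-Sep-2009 02:07:35.878 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28529
;; QUESTION SECTION:
;youbei.cc. IN A
;; ANSWER SECTION:
youbei.cc. 3600 IN A 22.214.171.124
24-Sep-2009 02:07:35.879 fctx d18160(youbei.cc/ANY'): cancelquery
24-Sep-2009 02:07:35.881 FORMERR resolving 'youbei.cc/ANY/IN': 18.104.22.168#53
"""

# ";name class type" as printed under QUESTION SECTION
QUESTION_RE = re.compile(r"^;(\S+)\s+(\S+)\s+(\S+)\s*$")
# "fctx <ptr>(name/TYPE'): ..." as printed by the resolver trace
FCTX_RE = re.compile(r"fctx \S+\(([^/()]+)/([A-Z0-9]+)'?\)")

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def find_question_mismatches(log_text):
    """Return (fetch_name, fetch_type, echoed_name, echoed_type) tuples for each
    received packet whose echoed question differs from the next fetch context."""
    mismatches = []
    echoed = None
    in_question = False
    for line in log_text.splitlines():
        if line.startswith(";; QUESTION SECTION:"):
            in_question = True
            continue
        if in_question:  # the line right after the section header is the question
            m = QUESTION_RE.match(line)
            if m:
                echoed = (norm(m.group(1)), m.group(3).upper())
            in_question = False
            continue
        m = FCTX_RE.search(line)
        if m and echoed:
            fetch = (norm(m.group(1)), m.group(2).upper())
            if fetch != echoed:
                mismatches.append(fetch + echoed)
            echoed = None  # compare each received packet only once
    return mismatches
```

On the excerpt this reports one mismatch: the fetch asked for ANY and the response echoed A.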