Patrick Yu ipaq3870 at gmail.com
Wed Sep 23 18:53:56 UTC 2009


I operate a caching name server version 9.5.0-P1 for a small work
group that includes an email server. From the server log file, there
are occasional DNS error messages.

Upon closer examination using a packet sniffer, the email server sends
out queries of type ANY for all sender/recipient domain names. There
are just some domains which cause errors, for example, youbei.cc
(which is not under our control.)

I tried dig any youbei.cc and it returned the following error:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64259
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

With heavy tracing turned on and rndc flush run before executing the
command, it gave the following log entries, which I have excerpted below:

24-Sep-2009 02:07:35.878 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  28529
;; flags: qr aa ; QUESTION: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
;youbei.cc.                     IN      A

youbei.cc.              86400   IN      SOA     ns1.72dns.com. admin.youbei.cc. 100 3600 900 86400 3600
youbei.cc.              3600    IN      NS      ns1.72dns.com.
youbei.cc.              3600    IN      NS      ns2.72dns.com.
youbei.cc.              3600    IN      MX      10 mail.youbei.cc.
youbei.cc.              3600    IN      A

ns1.72dns.com.          3600    IN      A
ns2.72dns.com.          3600    IN      A
mail.youbei.cc.         3600    IN      A

24-Sep-2009 02:07:35.879 fctx d18160(youbei.cc/ANY'): cancelquery
24-Sep-2009 02:07:35.879 sockmgr dbea0: watcher got message -2 for socket -1
24-Sep-2009 02:07:35.880 dispatch 160dc88 response 160ce28 detaching from task ca310
24-Sep-2009 02:07:35.880 dispatch 160dc88: detach: refcount 0
24-Sep-2009 02:07:35.880 fctx d18160(youbei.cc/ANY'): add_bad
24-Sep-2009 02:07:35.881 dispatch 160dc88: got packet: requests 0, buffers 1, recvs 1
24-Sep-2009 02:07:35.881 FORMERR resolving 'youbei.cc/ANY/IN':
24-Sep-2009 02:07:35.881 fctx d18160(youbei.cc/ANY'): try
24-Sep-2009 02:07:35.882 fctx d18160(youbei.cc/ANY'): query

It looks like the authoritative name server for youbei.cc
actually did return some answers, but somehow bind gave a FORMERR for
some unknown reason, which I think caused a SERVFAIL to be
reported in turn. Interestingly, dig any youbei.cc +trace ran
successfully and did not report any error.

Does anyone know what might have caused this problem?

Best regards,

More information about the bind-users mailing list
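
An added example, not part of the original post: a small Python check over trace output like the excerpt above. It compares the query type named in the fctx lines with the question section of each received packet and reports any difference, since a resolver can reject a response whose question does not match what it asked. The log layout is assumed from the excerpt, and the example.test lines are constructed.

```python
import re

# First packet and fctx line are taken from the excerpt in the post;
# the example.test lines are constructed to show a matching case.
SAMPLE = """\
24-Sep-2009 02:07:35.878 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  28529
;; flags: qr aa ; QUESTION: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
;youbei.cc.                     IN      A

24-Sep-2009 02:07:35.879 fctx d18160(youbei.cc/ANY'): cancelquery
24-Sep-2009 02:07:35.881 FORMERR resolving 'youbei.cc/ANY/IN':
24-Sep-2009 02:07:36.100 fctx d18200(example.test/MX'): query
24-Sep-2009 02:07:36.150 received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  1234
;example.test.                  IN      MX
"""

FCTX = re.compile(r"fctx \w+\((?P<name>[^/]+)/(?P<type>\w+)'?\)")
QUESTION = re.compile(r"^;(?P<name>[^;\s]+)\s+\w+\s+(?P<type>\w+)\s*$")
TIMESTAMP = re.compile(r"^\d{2}-\w{3}-\d{4} ")

def norm(name):
    return name.rstrip(".").lower()

def question_mismatches(log_text):
    """Return (name, types_asked, type_in_response) for each mismatched packet."""
    lines = log_text.splitlines()
    asked = {}  # name -> set of query types seen in fctx lines
    for line in lines:
        m = FCTX.search(line)
        if m:
            asked.setdefault(norm(m["name"]), set()).add(m["type"].upper())
    findings, in_packet = [], False
    for line in lines:
        if line.endswith("received packet:"):
            in_packet = True
        elif TIMESTAMP.match(line):
            in_packet = False  # next log entry: packet dump is over
        elif in_packet and (m := QUESTION.match(line)):
            in_packet = False  # only the question line is of interest
            name, qtype = norm(m["name"]), m["type"].upper()
            if name in asked and qtype not in asked[name]:
                findings.append((name, sorted(asked[name]), qtype))
    return findings

if __name__ == "__main__":
    for name, want, got in question_mismatches(SAMPLE):
        print(f"{name}: asked {'/'.join(want)}, response question is {got}")
```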