non-improving referral

Mark Andrews marka at isc.org
Thu Oct 28 02:38:13 UTC 2010 

In message <20101026161348.GJ2341 at omroep.nl>, Leo Baltus writes:
> Hi,
> 
> We are in the process of migrating from bind-9.4-ESV-R2 to bind-9.7.2-P2.
> 
> We have our authoritative servers migrated to bind-9.7.2-P2 and it all
> seems to work fine.
> 
> While testing our caching resolvers with bind-9.7.2-P2 however, we
> noticed some errors in our logfiles we have never seen before.
> 
> Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.3.4#53 resolvi
> ng 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving re
> ferral
> Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.2.2#53 resolvi
> ng 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving re
> ferral
> 
> Obviously I have obscured some data here :) As you may guess this is a
> query for a TXT record from a blocklist-daemon.
> 
> The nameservers on 1.5.3.4 and 1.5.2.2 are bind-9.7.2-P2.
> 
> The queried domains are hosted by us and the hopefully relevant part of
> the zone looks like this:
> 
> x.y.z.example.com.   IN NS   bl1a.example.com.
> x.y.z.example.com.   IN NS   bl1b.example.com.
> 
> A dump of the cache shows NS and A records are in the cache for bl1[ab]
> however, on each non-cached query from the client both errorlines
> are printed in the log suggesting the resolver is not using the cached
> NS records.
> 
> The client receives a valid answer, so my only real problem seems to be
> the amount of spam I get in our logfiles.
> 
> The blocklist is served by rbldnsd, manually query-ing gives my a
> valid response.
> 
> Could anybody tell me what problem bind is complaining about?
> 
> Please CC me as I am not on this list.

Run "dig +trace +all 1.2.4.2.x.y.z.example.com txt" and look at the
results.  Somewhere in that chain there will be a broken delegation.
This may manifest itself as a authority section in the reply that
doesn't match the delegation.
 
> -- 
> Leo Baltus, internetbeheerder                         /\
> NPO ICT Internet Services                            /NPO/\
> Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \  /\/
> beheer at omroep.nl, 035-6773555                         \/
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list