Understanding cause of DNS format error (FORMERR)

Tony Finch dot at dotat.at
Mon Jun 25 11:54:29 UTC 2012 

It looks to me like this is an EDNS bug. I am querying the authoritative
server directly, with no firewalls in the way. The FORMERR is coming from
the authoritative server not from BIND. I get the same result over IPv4
and IPv6.

They also have a bug in their NXDOMAIN logic: extranet.microsoft.com
does not exist therefore partners.extranet.microsoft.com cannot exist.


; <<>> DiG 9.9.1-P1 <<>> +noedns @ns1.msft.net. partners.extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9931
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN    NS

;; ANSWER SECTION:
partners.extranet.microsoft.com. 3600 IN NS     dns12.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns10.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns13.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns11.one.microsoft.com.

;; ADDITIONAL SECTION:
dns12.one.microsoft.com. 3600   IN      A       207.46.55.10
dns10.one.microsoft.com. 3600   IN      A       131.107.125.65
dns13.one.microsoft.com. 3600   IN      A       65.55.31.17
dns11.one.microsoft.com. 3600   IN      A       94.245.124.49

;; Query time: 159 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:38:51 2012
;; MSG SIZE  rcvd: 197


; <<>> DiG 9.9.1-P1 <<>> +edns=0 @ns1.msft.net. partners.extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 20875
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN    NS

;; Query time: 142 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:38:57 2012
;; MSG SIZE  rcvd: 60


; <<>> DiG 9.9.1-P1 <<>> +noedns @ns1.msft.net extranet.microsoft.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 141
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;extranet.microsoft.com.                IN      NS

;; AUTHORITY SECTION:
microsoft.com.          3600    IN      SOA     ns1.msft.net.
msnhst.microsoft.com. 2012062205 300 600 2419200 3600

;; Query time: 142 msec
;; SERVER: 2a01:111:2005::1:1#53(2a01:111:2005::1:1)
;; WHEN: Mon Jun 25 12:44:44 2012
;; MSG SIZE  rcvd: 95


Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Sole, Lundy, Fastnet: Southeast at first in Lundy and Fastnet, otherwise
southwest, 4 or 5. Slight or moderate, occasionally rough in west Sole.
Occasional rain or drizzle, fog patches. Moderate, occasionally very poor.

More information about the bind-users mailing list