Understanding cause of DNS format error (FORMERR)

Barry Margolin barmar at alum.mit.edu
Tue Jun 26 14:09:44 UTC 2012

In article <mailman.1144.1340718471.63724.bind-users at lists.isc.org>,
 Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:

> For a NXDOMAIN response, or NOERROR with an empty answer section, the 
> server should provide the SOA record in the authority section.  That SOA 
> is the apex of the zone which doesn't contain the answer record you 
> asked for, if you see what I mean.  The server is proving that it has 
> authority to tell you that the information doesn't exist.

More important, the SOA record contains the TTL that should be used for 
the negative cache entry.

> The fact that looking for nonexistent data for 
> vlasext.partners.extranet.microsoft.com returns the 
> partners.extranet.microsoft.com SOA record shows that the vlasext 
> subdomain has not been delegated.  The servers should therefore be able 
> to offer an authoritative answer for data that does exist for 
> vlasext.etc... but they don't.

This type of inconsistency often suggests a DNS-based load balancer is 

Barry Margolin
Arlington, MA

More information about the bind-users mailing list