DNS Format error ...

Mark Andrews marka at isc.org
Wed Mar 28 21:20:02 UTC 2012 

The problem is that their servers are returning non-authoritative
answers from the cache without also adding the NS records for the
child zone to allow the interative resolver to find a authoritative
answer.  The parent server is configured as a recursive server not
a authoritative server.

On top of that you appear to be running BIND 9.7.0 which rejects
non-authoritative answers when it is supposed to be talking to
authoritative servers.  Upgrade named and you should be fine.

Mark

In message <01f1f5b3-72a3-4bb7-a506-5cc4fc1d4246 at mail1.datasyncorp.com>, Tim Kel
ley writes:
> 
> We've been having this issues with neweggbusiness.com - it seems the A rec for
>  neweggbusiness.com is round robin load balanced: 
> 
> ;; ANSWER SECTION: 
> neweggbusiness.com. 3600 IN A 216.52.208.154 
> neweggbusiness.com. 3600 IN A 204.14.213.154 
> 
> ;; ANSWER SECTION: 
> neweggbusiness.com. 3600 IN NS dns2.magnellmail.net. 
> neweggbusiness.com. 3600 IN NS dns1.magnellmail.net. 
> 
> ... and "www.neweggbusiness.com" is an actual zone delegated to a different se
> t of name servers 
> 
> ;; ANSWER SECTION: 
> www.neweggbusiness.com. 3600 IN NS ns14b.newegg.com. 
> www.neweggbusiness.com. 3600 IN NS ns13b.newegg.com. 
> 
> The website uses links with both these names, and much of it doesn't work when
>  using our bind server for recursive queries - the A rec for "www.neweggbusine
> ss.com" does not resolve using my bind9 server (DNS format error), but does re
> turn if I query the NS for neweggbusiness.com directly (below). I see this is 
> not an authoritative answer, which it should be for the A record, no? The zone
>  delegation and the A rec for www.neweggbusiness.com should both exist on the 
> NS for parent zone, right? Is this the problem? If I dig against the NS for "w
> ww.neweggbusiness.com" I get an aa flag, but I should get an aa flag from the 
> nameservers for the parent zone on that same query, I think. Nevertheless, the
>  site works for most people - google's nameserver (8.8.8.8) seems to have no p
> roblem with it, for example. 
> 
> querying the NS for neweggbusiness.com - 
> 
> dig @216.52.208.156 www.neweggbusiness.com a 
> 
> ; <<>> DiG 9.7.0-P1 <<>> @216.52.208.156 www.neweggbusiness.com a 
> ; (1 server found) 
> ;; global options: +cmd 
> ;; Got answer: 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13532 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
> 
> ;; QUESTION SECTION: 
> ;www.neweggbusiness.com. IN A 
> 
> ;; ANSWER SECTION: 
> www.neweggbusiness.com. 1348 IN A 216.52.208.168 
> 
> ;; Query time: 61 msec 
> ;; SERVER: 216.52.208.156#53(216.52.208.156) 
> ;; WHEN: Wed Mar 28 09:29:50 2012 
> ;; MSG SIZE rcvd: 56 
> 
> 
> 
> Tim Kelley 
> tim at c4tech.com 
> 504-896-8324 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list