lame-servers: error (FORMERR) resolving [something]

Daniele d.imbrogino at gmail.com
Wed Jan 9 13:53:58 UTC 2013


This is the scenario.

I installed BIND9 via `apt-get` on a newly installed UBUNTU 12.04,
virtualized on VirtualBox.
The network works properly because if I indicate a different server from my
own BIND9 (the first line of '/etc/resolv.conf' is, for example,
`nameserver 8.8.8.8`) the lookups and any action on the Internet succeed.

BIND9 configuration is the default one.
I deleted all local zones that I added (even if internal lookups worked
correctly). Now there are only default zones (root, localhost,
127.in-addr.arpa, 0.in-addr.arpa, 255.in-addr.arpa).
Options are the default ones:
options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;

    listen-on-v6 { any; };
};

In this situation, if I dig anything the lookup fails, and the log is full
of "lame server" and "FORMERR".

Why?
Perhaps the problem is due to the presence of the "dnssec-validation" line?


2013/1/8 Matus UHLAR - fantomas <uhlar at fantomas.sk>

>>> > Sometimes I can't resolve some addresses and, in the logs, I can find
>>> > the message in the title:
>>> >    lame-servers: error (FORMERR) resolving [something]
>>> > (where `something` is the address I'm trying to resolve).
>>> >
>>> > What does it mean?
>>>
>>
>  2013/1/8 Shane Kerr <shane at isc.org>
>>
>>> When acting as a recursive resolver, BIND 9 follows the chain of
>>> delegation from the root, contacting name servers identified for each
>>> domain on the way.
>>>
>>> In this case, one of those name servers returned a packet that BIND 9
>>> did not like for some reason - a FORMat ERRor. The offending server is
>>> marked as "lame" since it cannot answer queries for the domain in
>>> question.
>>>
>>> The message should also include the IP address of the server that it is
>>> going to at the end of the line.
>>>
>>
> On 08.01.13 13:05, Daniele wrote:
>
>> So it's not my responsibility to resolve the problem, right?
>>
>> The point is that, sometimes, I can't resolve an address because of these
>> lame servers, and dig (for example) fails.
>>
>> Is it possible?
>>
>
> possible, yes. but I would not be sure, since there are many different
> reasons for the lookups to fail.
>
> and there are few web services that check proper DNS functionality. I
> advise checking with more of them, since there's none I would completely
> trust.
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Spam = (S)tupid (P)eople's (A)dvertising (M)ethod


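Shane Kerr's reply above notes that the log line ends with the address of the server that sent the bad response. The following is an added example, not part of the original thread or of BIND itself: it groups FORMERR entries by upstream server so you can see whether failures come from one remote server or from many. The line layout is the typical BIND 9 form and is an assumption here, as are the constructed sample lines and the `min_servers` threshold.

```python
import re
from collections import defaultdict

# Assumed layout: error (<reason>) resolving '<name>/<type>/<class>': <addr>#<port>
LINE_RE = re.compile(
    r"error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)\s*$"
)

# Constructed sample log lines (documentation addresses, not real servers).
SAMPLE_LOG = """\
09-Jan-2013 13:50:01.101 lame-servers: info: error (FORMERR) resolving 'www.example.com/A/IN': 192.0.2.10#53
09-Jan-2013 13:50:01.350 lame-servers: info: error (FORMERR) resolving 'www.example.com/AAAA/IN': 192.0.2.10#53
09-Jan-2013 13:50:02.007 lame-servers: info: error (FORMERR) resolving 'mail.example.net/MX/IN': 198.51.100.7#53
09-Jan-2013 13:50:02.400 lame-servers: info: error (connection refused) resolving 'example.org/NS/IN': 2001:db8::53#53
09-Jan-2013 13:50:03.000 general: info: zone localhost/IN: loaded serial 2
"""

def parse_line(line):
    """Return a dict of fields for a resolver error line, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def summarize(log_text, reason="FORMERR"):
    """Map each upstream server to the set of names that failed with `reason`."""
    per_server = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["reason"] == reason:
            per_server[rec["server"]].add(rec["qname"])
    return dict(per_server)

def looks_local(per_server, min_servers=3):
    """Heuristic (assumption): failures spread over many unrelated servers
    point at the local resolver or network path, not one lame remote server."""
    return len(per_server) >= min_servers

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for server, names in sorted(summary.items()):
        print(f"{server}: {len(names)} name(s): {', '.join(sorted(names))}")
    print("likely local problem:", looks_local(summary))
```
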