lame-servers: error (FORMERR) resolving [something]

Lyle Giese lyle at
Sat Jan 12 04:08:58 UTC 2013

On 01/11/13 03:05, Daniele wrote:
> Port 53 is open, I can also telnet it from another box in the same 
> network.
> Now I think the problem can be on the packets size, because I'm trying 
> every solution but nothing works.
> 2013/1/9 Lyle Giese <lyle at <mailto:lyle at>>
>     On 01/09/13 08:39, Daniele wrote:
>>     2013/1/9 Phil Mayers <p.mayers at
>>     <mailto:p.mayers at>>
>>         On 09/01/13 13:53, Daniele wrote:
>>             This is the scenario.
>>             I installed BIND9 via `apt-get` on a newly installed
>>             UBUNTU 12.04,
>>             virtualized on VirtualBox.
>>             The network works properly because if I indicate a
>>             different server from
>>             my own BIND9 (the first line of '/etc/resolv.conf' is,
>>             for example,
>>             `nameserver`) the lookups and any action on the
>>             Internet succeed.
>>         No, this assumption is not valid.
>>     I meant that I can reach the Internet and, vice versa, the
>>     Internet can reach my terminal.
>>     _______________________________________________
>>     Please visit  to unsubscribe from this list
>>     bind-users mailing list
>>     bind-users at  <mailto:bind-users at>
>     Recursive queries that named does for a client are different than
>     your machine as a dns client reaching out to Google's recursive
>     service.
>     You need to have UDP & TCP port 53 open to your recursive
>     server(the one running named) first of all.  And if any network
>     element within your network limits the size of UDP packets, you
>     will have problems with EDNS0 queries.
>     On this box running named, try this:
>     dig +trace <>
>     dig +trace <>
>     After dig gets a copy of the root servers from the local named, it
>     will do the same type of queries that a recursive name server does.
>     Lyle Giese
>     LCR Computer Services, Inc.
Saying port 53 is open because you can telnet to it from a local 
computer is a very limited test.

1) Telnet only use TCP, UDP is the primary/first communication channel 
DNS uses.

2) The router between this computer and the Internet is not at fault?  
You have done no tests to prove that one way or the other.

Do a couple of dig +trace runs and see what that shows.  And try some 
any queries to a dnssec enable domain.

Lyle Giese
LCR Computer Services, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list