lame-servers: error (FORMERR) resolving [something]

Daniele d.imbrogino at gmail.com
Mon Jan 14 09:44:44 UTC 2013


What tests should I do?
If I query directly an external name-server (one of the root ones or
8.8.8.8 for example) I receive the correct response.
For this reason I'm inclined to think that the router doesn't block packets
to/from port 53.
Why should it block packets generated by BIND9?


2013/1/12 Lyle Giese <lyle at lcrcomputer.net>

>  On 01/11/13 03:05, Daniele wrote:
>
> Port 53 is open, I can also telnet it from another box in the same network.
> Now I think the problem can be on the packets size, because I'm trying
> every solution but nothing works.
>
>
> 2013/1/9 Lyle Giese <lyle at lcrcomputer.net>
>
>>   On 01/09/13 08:39, Daniele wrote:
>>
>>  2013/1/9 Phil Mayers <p.mayers at imperial.ac.uk>
>>
>>> On 09/01/13 13:53, Daniele wrote:
>>>
>>>> This is the scenario.
>>>>
>>>> I installed BIND9 via `apt-get` on a newly installed UBUNTU 12.04,
>>>> virtualized on VirtualBox.
>>>> The network works properly because if I indicate a different server from
>>>> my own BIND9 (the first line of '/etc/resolv.conf' is, for example,
>>>> `nameserver 8.8.8.8`) the lookups and any action on the Internet
>>>> succeed.
>>>>
>>>>
>>>  No, this assumption is not valid.
>>
>>
>>  I meant that I can reach the Internet and, vice versa, the Internet can
>> reach my terminal.
>>
>>
>>   _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>  Recursive queries that named does for a client are different than your
>> machine as a dns client reaching out to Google's recursive service.
>>
>> You need to have UDP & TCP port 53 open to your recursive server (the one
>> running named) first of all.  And if any network element within your
>> network limits the size of UDP packets, you will have problems with EDNS0
>> queries.
>>
>> On this box running named, try this:
>>
>> dig +trace www.msn.com
>>
>> dig +trace imperial.ac.uk
>>
>> After dig gets a copy of the root servers from the local named, it will
>> do the same type of queries that a recursive name server does.
>>
>> Lyle Giese
>> LCR Computer Services, Inc.
>>
>>
> Saying port 53 is open because you can telnet to it from a local
> computer is a very limited test.
>
> 1) Telnet only uses TCP; UDP is the primary/first communication channel DNS
> uses.
>
> 2) The router between this computer and the Internet is not at fault?  You
> have done no tests to prove that one way or the other.
>
> Do a couple of dig +trace runs and see what that shows.  And try some ANY
> queries to a DNSSEC-enabled domain.
>
>
> Lyle Giese
> LCR Computer Services, Inc.
>
>
>
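
The checks suggested in the thread (UDP as well as TCP, plus EDNS0-sized replies), written out as an added script that is not part of the original messages. The server and zone are arguments you supply; the function names, the 3-second timeout and the 4096-byte buffer size are choices of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on the box that runs named.
# SERVER and ZONE are placeholders you supply (an upstream server, a signed zone).

# parse_dig TEXT -> ok | truncated | timeout | <RCODE>
parse_dig() {
    case $1 in *"timed out"*|*"no servers could be reached"*) echo timeout; return ;; esac
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in *" tc "*) echo truncated; return ;; esac
    if [ "$status" = NOERROR ]; then echo ok; else echo "${status:-noanswer}"; fi
}

# probe SERVER NAME TYPE DIG_OPTIONS... -> runs one query, prints parse_dig's verdict
probe() {
    server=$1; name=$2; qtype=$3; shift 3
    parse_dig "$(dig @"$server" "$name" "$qtype" +time=3 +tries=1 +noall +comments "$@" 2>&1)"
}

# diagnose PLAIN_UDP EDNS_UDP TCP -> one-line reading of the three results
diagnose() {
    case "$1/$2/$3" in
        timeout/timeout/timeout) echo "no path to server on port 53" ;;
        timeout/*/*)             echo "plain UDP 53 query got no reply" ;;
        */timeout/timeout)       echo "large EDNS0 replies dropped and TCP 53 blocked" ;;
        */timeout/*)             echo "large EDNS0 UDP replies dropped on the path" ;;
        */FORMERR/*)             echo "EDNS0 queries rejected or mangled" ;;
        */*/timeout)             echo "TCP 53 blocked" ;;
        *)                       echo "UDP, EDNS0 and TCP all answered" ;;
    esac
}

# check_path SERVER ZONE -> probes three ways, prints the results and the diagnosis
check_path() {
    # +ignore stops dig from retrying over TCP, so a truncated UDP reply stays visible
    plain=$(probe "$1" "$2" SOA    +notcp +noedns +ignore)
    edns=$(probe  "$1" "$2" DNSKEY +notcp +edns=0 +bufsize=4096 +dnssec +ignore)
    tcp=$(probe   "$1" "$2" DNSKEY +tcp +dnssec)
    echo "plain-udp=$plain edns-udp=$edns tcp=$tcp"
    diagnose "$plain" "$edns" "$tcp"
}

# Usage: sh check53.sh SERVER ZONE   (does nothing when called without arguments)
if [ $# -eq 2 ]; then check_path "$1" "$2"; fi
```

A `truncated` result on the EDNS0 probe together with `ok` on TCP is a normal outcome: the reply did not fit in UDP and the TCP retry path works.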

