lame-servers: error (FORMERR) resolving [something]

Shane Kerr shane at
Mon Jan 14 11:05:01 UTC 2013


It may be a simple case of your firewall not allowing any DNS queries
that do not request recursion. Difficult to know.

You may want to try:

dig +trace

This will follow the referrals from the root, and you can verify that
this works.

The next step may be to try:

dig +trace +dnssec

This will ask for DNSSEC, which will mean enabling EDNS0 and getting
bigger response packets, both of which can cause problems with broken
middleboxes (although BIND 9 should work even in those cases).



On Monday, 2013-01-14 10:44:44 +0100, 
Daniele <d.imbrogino at> wrote:
> What tests should I do?
> If I query directly an external name-server (one of the root ones or
> for example) I receive the correct response.
> For this reason I'm inclined to think that the router doesn't block
> packets to/from port 53.
> Why should it block packets generated by BIND9?

More information about the bind-users mailing list