lame-servers: error (FORMERR) resolving [something]

Leonard Mills lenm at
Mon Jan 14 18:59:37 UTC 2013

Packet dumps at your edge would likely be helpful to your diagnosis.

At your firewall (or other edge appliance) you are seeing successful UDP from a high port on your system (DNS client) to port 53 on the server and a reply in the opposite direction.  You are not seeing success from an external client high port to 53 to on your server.

The two operations are absolutely disjoint when you deal with firewall tuples.

Hope this helps,


> From: Daniele <d.imbrogino at>
>To: bind-users at 
>Sent: Monday, January 14, 2013 1:44 AM
>Subject: Re: lame-servers: error (FORMERR) resolving [something]
>What tests should I do?
>If I query directly an external name-server (one of the root ones or for example) I receive the correct response.
>For this reason I'm inclined to think that the router doesn't block packets to/from port 53.
>Why should it block packets generated by BIND9?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list