lame-servers: error (FORMERR) resolving [something]
Daniele
d.imbrogino at gmail.com
Thu Jan 17 14:36:21 UTC 2013
Output for `dig NS .`
; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 NS .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37032
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; Query time: 1474 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 17 15:28:04 2013
;; MSG SIZE rcvd: 17
Output for `dig NS org.`
; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 NS org.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13835
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;org. IN NS
;; Query time: 467 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 17 15:29:47 2013
;; MSG SIZE rcvd: 21
Output for `dig +nodnssec +noedns NS .` is the same as the previous one, as it is for
`dig +nodnssec NS .`
The return packets have a size of 743 bytes and they all contain info about
the NS for the root zone.
2013/1/17 Warren Kumari <warren at kumari.net>
>
> On Jan 17, 2013, at 9:04 AM, Daniele <d.imbrogino at gmail.com> wrote:
>
> > I'm going crazy.
> >
> > This is my named.conf
> >
> > logging {
> >
> > channel default_logfile {
> > file "/var/cache/bind/logs/default.log";
> > severity info;
> > print-category yes;
> > print-severity yes;
> > print-time yes;
> > };
> >
> > category default {
> > default_logfile;
> > };
> >
> > category lame-servers {null;};
> > };
> >
> > options {
> > directory "/var/cache/bind";
> >
> > dnssec-validation auto;
> >
> > auth-nxdomain no; # conform to RFC1035
> > listen-on-v6 { any; };
> > };
> >
> > and the default zones (not shown here).
> >
> > This is the output of `dig +trace +nodnssec www.isc.org`
> > ; <<>> DiG 9.8.1-P1 <<>> +trace +nodnssec www.isc.org
> > ;; global options: +cmd
> > . 3600000 IN NS M.ROOT-SERVERS.NET.
> > . 3600000 IN NS K.ROOT-SERVERS.NET.
> > . 3600000 IN NS G.ROOT-SERVERS.NET.
> > . 3600000 IN NS L.ROOT-SERVERS.NET.
> > . 3600000 IN NS B.ROOT-SERVERS.NET.
> > . 3600000 IN NS E.ROOT-SERVERS.NET.
> > . 3600000 IN NS A.ROOT-SERVERS.NET.
> > . 3600000 IN NS F.ROOT-SERVERS.NET.
> > . 3600000 IN NS J.ROOT-SERVERS.NET.
> > . 3600000 IN NS H.ROOT-SERVERS.NET.
> > . 3600000 IN NS C.ROOT-SERVERS.NET.
> > . 3600000 IN NS I.ROOT-SERVERS.NET.
> > . 3600000 IN NS D.ROOT-SERVERS.NET.
> > dig: couldn't get address for 'M.ROOT-SERVERS.NET': not found
> >
> >
> > During `dig` operations, using Wireshark I can see outgoing packets to
> > port 53 and incoming ones from port 53
>
> What size is the return packet? Do you have anything in the path that
> might be helpfully trying to monkey with the replies?
> What do you get for just 'dig NS .' and 'dig NS org.'?
>
> Does anything change if you do 'dig +nodnssec +noedns NS .' versus 'dig
> +nodnssec NS .'
>
> Including the comment bit from dig's output (;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jan 17 09:18:57 2013
> ;; MSG SIZE rcvd: 512
>
>
> would help.
>
> W
>
>
> >
> > The default policy of my firewall, configured via `iptables`, is to
> > accept everything (I'm on VirtualBox); the only rule is to MASQUERADE
> > outgoing packets for NAT reasons (this box is the gateway of my private
> > network).
> >
> > What's wrong?
> >
> > 2013/1/15 Chris Thompson <cet1 at cam.ac.uk>
> > On Jan 14 2013, Shane Kerr wrote:
> >
> > [...]
> >
> > You may want to try:
> >
> > dig +trace www.isc.org
> >
> > [...]
> >
> > The next step may be to try:
> >
> > dig +trace +dnssec www.isc.org
> >
> > Beware that if you have a dig(1) from BIND 9.9.x, +dnssec has become the
> > default with +trace. In that case replace the first attempt with
> >
> > dig +trace +nodnssec www.isc.org
> >
> > --
> > Chris Thompson
> > Email: cet1 at cam.ac.uk
> >
>
> --
> Militant Agnostic -- I don't know and you don't either...
>
>
>
>
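The 17 and 21 byte sizes dig reports above are exactly a 12-byte DNS header plus the echoed question, so the local server sent back no records and no EDNS OPT record even though 743-byte replies were seen on the wire. The sketch below is an added example, not part of the original thread; the helper names are hypothetical and the reply bytes are constructed from the ids and flags shown in the dig output.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080), ("ad", 0x0020))

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_reply(qid, flags, name, qtype=2, edns_bufsize=None):
    """Constructed reply: header + question (NS/IN), plus an OPT RR if requested."""
    arcount = 1 if edns_bufsize else 0
    msg = struct.pack("!6H", qid, flags, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!2H", qtype, 1)
    if edns_bufsize:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return msg

def summarize(msg):
    """Decode the header and report whether anything follows the question."""
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    pos = 12
    while msg[pos]:                 # walk the (uncompressed) question name
        pos += 1 + msg[pos]
    pos += 1 + 4                    # root label, then QTYPE and QCLASS
    return {
        "id": qid,
        "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "flags": [n for n, bit in FLAG_BITS if flags & bit],
        "counts": (qd, an, ns, ar),
        "size": len(msg),
        "bare": pos == len(msg),    # True: header + question only
    }

# Constructed from the thread: "qr rd ra" + SERVFAIL is flags word 0x8182.
ROOT_REPLY = build_reply(37032, 0x8182, ".")
ORG_REPLY = build_reply(13835, 0x8182, "org.")

if __name__ == "__main__":
    for reply in (ROOT_REPLY, ORG_REPLY, build_reply(1, 0x8182, ".", edns_bufsize=4096)):
        print(summarize(reply))
```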