<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Fedora 37 has more recent version in updates. I would recommend
when in doubt trying to update your system, it might have been
fixed already. But this problem is not on your side.<br>
</p>
<p>You can try with dig some queries to their server:</p>
<p>$ dig @195.178.56.17 +norec ns1.apr.gov.rs +nocookie | grep
status:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
2078<br>
<br>
$ dig @195.178.56.17 +norec ns1.apr.gov.rs +noedns | grep status:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
13954<br>
<br>
$ dig @195.178.56.17 +norec ns1.apr.gov.rs | grep status:<br>
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id:
44465</p>
<p>It is obvious their server cannot cope with cookies, which should
be fixed on their side. It would be nice to send them kind mail
requesting fix of their server.<br>
</p>
<p>server 195.178.56.17 { send-cookie no; };<br>
server 91.150.72.154 { send-cookie no; };</p>
<p>Should help until they do, but it is just a workaround. The are
violating RFC 6891, paragraph 6.1.2 [1]:</p>
<pre class="newpage"> Any OPTION-CODE values not understood by a responder or requestor
MUST be ignored.</pre>
<p></p>
<p>Cheers,<br>
Petr<br>
</p>
<p>[1] <a class="moz-txt-link-freetext" href="https://www.rfc-editor.org/rfc/rfc6891#section-6.1.2">https://www.rfc-editor.org/rfc/rfc6891#section-6.1.2</a><br>
</p>
<p>On 16. 05. 23 16:52, Alex wrote:<br>
</p>
<blockquote type="cite"
cite="mid:CAB1R3sgrbufQ9Sr_4gQ2Ogb83higH_spb64CQxKZmvuAqL1sHw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi,
<div>I have a bind-9.18.7 system on fedora37 and having some
strange errors with some queries.</div>
<div><br>
</div>
<div>$ host <a href="http://info.apr.gov.rs"
moz-do-not-send="true">info.apr.gov.rs</a></div>
Host <a href="http://info.apr.gov.rs" moz-do-not-send="true">info.apr.gov.rs</a>
not found: 2(SERVFAIL)<br>
<div><br>
</div>
<div>in my bind logs I have the following:</div>
<div>16-May-2023 10:37:49.800 resolver: DNS format error from
195.178.56.17#53 resolving <a
href="http://ns1.apr.gov.rs/AAAA" moz-do-not-send="true">ns1.apr.gov.rs/AAAA</a>
for <unknown>: server sent FORMERR<br>
16-May-2023 10:37:49.800 lame-servers: received FORMERR
resolving '<a href="http://ns1.apr.gov.rs/AAAA/IN"
moz-do-not-send="true">ns1.apr.gov.rs/AAAA/IN</a>':
195.178.56.17#53<br>
16-May-2023 10:37:49.800 lame-servers: timed out resolving '<a
href="http://info.apr.gov.rs/A/IN" moz-do-not-send="true">info.apr.gov.rs/A/IN</a>':
212.62.49.194#53<br>
16-May-2023 10:37:49.800 query-errors: client @0x7f9d546d5168
127.0.0.1#59712 (<a href="http://info.apr.gov.rs"
moz-do-not-send="true">info.apr.gov.rs</a>): query failed
(failure) for <a href="http://info.apr.gov.rs/IN/A"
moz-do-not-send="true">info.apr.gov.rs/IN/A</a> at
../../../lib/ns/query.c:7717<br>
</div>
<div><br>
</div>
<div>In the limited search results I've found for this, I
believe it has something to do with dnssec or EDNS, but I
really don't know how to troubleshoot this. Is this a known
problem?</div>
<div><br>
</div>
<div>It also appears to be happening with even hosts like
ticketmaster?</div>
<div>16-May-2023 10:21:09.348 lame-servers: FORMERR resolving '<a
href="http://engage.ticketmaster.com/NS/IN"
moz-do-not-send="true">engage.ticketmaster.com/NS/IN</a>':
205.251.194.123#53<br>
</div>
</div>
</blockquote>
This resolves fine to me now, does not need disabling cookies or
ends.<br>
<blockquote type="cite"
cite="mid:CAB1R3sgrbufQ9Sr_4gQ2Ogb83higH_spb64CQxKZmvuAqL1sHw@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>The host resolves fine on my bind-9.16.38 system using the
exact same configuration, as well as most or all public
resolvers.</div>
<br>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Petr Menšík
Software Engineer, RHEL
Red Hat, <a class="moz-txt-link-freetext" href="http://www.redhat.com/">http://www.redhat.com/</a>
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</pre>
</body>
</html>