<div dir="ltr"><div>Hi,</div><div><br></div><div>I have a fedora38 server with bind-9.18.17 and receiving the following log entries for virtually every query (where "mykey" is my registered spamhaus DQS key):</div>07-Sep-2023 14:30:13.608 lame-servers: FORMERR resolving '<a href="http://mykey.hbl.dq.spamhaus.net/NS/IN">mykey.hbl.dq.spamhaus.net/NS/IN</a>': 66.42.94.100#53<br>07-Sep-2023 14:30:13.625 resolver: DNS format error from 143.215.143.8#53 resolving <a href="http://mykey.hbl.dq.spamhaus.net/NS">mykey.hbl.dq.spamhaus.net/NS</a> for <unknown>: reply has no answer<br>07-Sep-2023 14:30:13.625 lame-servers: FORMERR resolving '<a href="http://mykey.hbl.dq.spamhaus.net/NS/IN">mykey.hbl.dq.spamhaus.net/NS/IN</a>': 143.215.143.8#53<br>07-Sep-2023 14:30:13.628 lame-servers: success resolving 'psnobcays3v2r52vapfv5fgvr6pgd6znvuzyhe5ktid3ty3oai4q._<a href="http://file.mykey.hbl.dq.spamhaus.net/A">file.mykey.hbl.dq.spamhaus.net/A</a>' after disabling qname minimization due to 'failure'<br><div><br></div><div>07-Sep-2023 14:39:30.214 lame-servers: success resolving '<a href="http://22.10.223.192.bl.spamcop.net/A">22.10.223.192.bl.spamcop.net/A</a>' after disabling qname minimization due to 'ncache nxdomain'</div><div><br></div><div>For some reason my config isn't ignoring lame-servers, but it does look relevant and related to the resolver errors.</div><div><br></div><div>I've tried to experiment with including "minimal responses yes;" in my config, based on some reading about a similar issue years ago, but it doesn't change anything. This nameserver provides DNS across a VPN link to a remote system on a cable modem because having the server (also fedora38) query DNS directly on a cable modem was resulting in some other weird errors.</div><div><br></div><div>Any ideas greatly appreciated.</div><div><br></div><div>acl "trusted" {<br>        { 127/8; };<br>        { <a href="http://68.195.44.40/29">68.195.44.40/29</a>; };</div><div>        { 147.135.111.126; };<br>};<br>options {<br>        listen-on port 53 { 127.0.0.1; 147.135.111.126; };<br>        listen-on-v6 port 53 { none; };<br>        directory       "/var/named";<br>        dump-file       "/var/named/data/cache_dump.db";<br>        statistics-file "/var/named/data/named_stats.txt";<br>        memstatistics-file "/var/named/data/named_mem_stats.txt";<br>        secroots-file   "/var/named/data/named.secroots";<br>        recursing-file  "/var/named/data/named.recursing";<br>        allow-query     { trusted; };<br>        allow-query-cache { trusted; };<br>        minimal-responses yes;<br>        recursion yes;<br>        managed-keys-directory "/var/named/dynamic";<br>        geoip-directory "/usr/share/GeoIP";<br>        pid-file "/run/named/named.pid";<br>        session-keyfile "/run/named/session.key";<br>        include "/etc/crypto-policies/back-ends/bind.config";<br>};<br>logging {<br>        channel default_debug {<br>                file "data/named.run";<br>                severity dynamic;<br>        };<br>        channel named_debug {<br>                severity dynamic;<br>                file "/var/log/named.debug.log" versions 2 size 100m;<br>                print-time yes;<br>                print-category yes;<br>        };<br>        category default { named_debug; };<br>        channel query_info {<br>           severity info;<br>           file "/var/log/named.query.log" versions 3 size 5m;<br>           print-time yes;<br>           print-category yes;<br>         };<br>         category queries { query_info; };<br>};<br>zone "." IN {<br>        type hint;<br>        file "<a href="http://named.ca">named.ca</a>";<br>};<br>include "/etc/named.rfc1912.zones";<br>include "/etc/named.root.key";<br></div><div><br></div></div>