FORMERR from bind9 for reverse map for Ottawa dialup
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Aug 19 00:09:33 UTC 2003
>>>>> "Greg" == Greg A Woods <woods at weird.com> writes:
Greg> [ On Sunday, August 17, 2003 at 17:51:30 (-0400), Michael
Greg> Richardson wrote: ]
>> Subject: FORMERR from bind9 for reverse map for Ottawa dialup
>>
>> Is this among issues with djdns? Or another? I will complain to the
>> ISP who has hired this service as soon as I have the right ammunition.
Greg> FYI ns.uunet.ca and ns2.uunet.ca are/were, IIRC, running BIND-8.x
Greg> (though they may have more recently been upgraded to BIND-9), and
Greg> auth01.ns.uu.net is, IIRC, running BIND-9.x. The latter is an
Greg> authoritative-only server, while the former are _STILL_ also
Greg> recursive caching servers.
Greg> I believe the ultimate problem is that there are no NS records in
Greg> the zone for the record in question (i.e. in
Greg> 157.10.64.in-addr.arpa) even though there are NS RRs in the parent
Greg> zone (i.e. in 10.64.in-addr.arpa):

That sounds like a reasonable explanation, but, I get answers for PTR.

marajade-[~] mcr 1005 %dig +norecurse 165.157.10.64.in-addr.arpa. ptr @dialdns1.uu.net.
; <<>> DiG 9.3.0s20021115 <<>> +norecurse 165.157.10.64.in-addr.arpa. ptr @dialdns1.uu.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22698
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;165.157.10.64.in-addr.arpa. IN PTR
;; ANSWER SECTION:
165.157.10.64.in-addr.arpa. 3600 IN PTR 1Cust165.tnt4.ottawa.on.da.uu.net.
marajade-[~] mcr 1006 %dig +norecurse 165.157.10.64.in-addr.arpa. txt @dialdns1.uu.net.
; <<>> DiG 9.3.0s20021115 <<>> +norecurse 165.157.10.64.in-addr.arpa. txt @dialdns1.uu.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63015
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;165.157.10.64.in-addr.arpa. IN TXT
marajade-[~] mcr 1007 %cat bin/bindversion
#!/bin/sh
for i
do
dig version.bind. txt ch @$i
done
marajade-[~] mcr 1008 %bindversion dialdns1.uu.net.
; <<>> DiG 9.3.0s20021115 <<>> version.bind. txt ch @dialdns1.uu.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9169
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind. CH TXT
Greg> I don't know what dialdns1 and dialdns2 are running, though I
Greg> suspect it's BIND-9 as well.

I don't think so.
btw, who said anything about ns.uunet.ca?

>> running as a local recursive name server, I have a process doing TXT
>> lookups on my reverse IP (a dialup from uu.net) and my local named9 is
>> logging:
Greg> Why TXT records? What do you expect to find? There are no TXT
Greg> records along with the PTRs at the authoritative servers.

see draft-richardson-ipsec-opportunistic-12.txt.
The lack of them is okay - it just tells my system that I must not use
my IP address as my IPsec identity.

>> I.e. I am getting a referral from a server that is supposed to be
>> authoritative. Note that it is authoritative for other record types!
Greg> If your nameserver chose to query auth01.ns.uu.net then that's the
Greg> answer it must return. It is only authoritative for the parent
Greg> zone, not the zone you want to query.

I did not.

Greg> I'm not sure why your recursive BIND-9 server is logging a FORMERR
Greg> instead of chasing down the authoritative servers (though at this
Greg> time of the day I'm not sure it's supposed to either :-). Maybe
Greg> it's because it sees the SOA in the AUTHORITY section. I don't
Greg> have any problem with my test BIND-9.2.1 server, but then again I
Greg> can't tell where it got its cached records from either.
Greg> BTW, HOSTMASTER at UUNET.CA: You have some contacts pointing at
Greg> hostmaster at ns.uunet.ca, which bounces!!!! Please fix your
Greg> mailer!!!

yeah....

] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [
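
An added example, not part of the original message: a small classifier for dig output that separates an authoritative answer, a NODATA reply, a referral and a refusal, which is the distinction the thread is arguing about. The three PAGE_* inputs reuse the header values shown in the message; the REFERRAL and NODATA inputs, their names and the helper names are constructed for illustration.

```python
import re

RR_TYPE = re.compile(r"^\S+\s+\d+\s+IN\s+(\w+)\s", re.M)

def hdr(status, ident, flags, answer, authority):
    """Rebuild the two dig header lines from their field values."""
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: {ident}\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: {answer}, "
            f"AUTHORITY: {authority}, ADDITIONAL: 0\n")

# Header values as shown in the message (its authority sections are not shown).
PAGE_PTR = hdr("NOERROR", 22698, "qr aa", 1, 4)
PAGE_TXT = hdr("NOERROR", 63015, "qr aa", 0, 1)
PAGE_VERSION = hdr("REFUSED", 9169, "qr rd", 0, 0)
# Constructed inputs (documentation names) with an authority section present.
REFERRAL = hdr("NOERROR", 1, "qr", 0, 2) + (
    ";; AUTHORITY SECTION:\n"
    "2.0.192.in-addr.arpa. 3600 IN NS ns1.example.net.\n"
    "2.0.192.in-addr.arpa. 3600 IN NS ns2.example.net.\n")
NODATA = hdr("NOERROR", 2, "qr aa", 0, 1) + (
    ";; AUTHORITY SECTION:\n"
    "2.0.192.in-addr.arpa. 3600 IN SOA ns1.example.net. "
    "hostmaster.example.net. 1 3600 900 604800 3600\n")

def authority_types(text):
    """Record types under ';; AUTHORITY SECTION:', or None if not shown."""
    _, found, rest = text.partition(";; AUTHORITY SECTION:")
    if not found:
        return None
    return set(RR_TYPE.findall(rest.split(";;", 1)[0]))

def classify(text):
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    if status != "NOERROR":
        return status.lower()
    if answers:
        return "authoritative-answer" if "aa" in flags else "non-authoritative-answer"
    types = authority_types(text)
    if types is None:
        return "empty-undetermined"  # header alone cannot tell NODATA from referral
    if "SOA" in types:
        return "nodata"              # RFC 2308: SOA in authority, no answer
    return "referral" if "NS" in types else "nodata"

if __name__ == "__main__":
    for name in ("PAGE_PTR", "PAGE_TXT", "PAGE_VERSION", "REFERRAL", "NODATA"):
        print(name, classify(globals()[name]))
```

The TXT reply from the message comes back as undetermined because only its header is shown; telling NODATA from a referral needs the record types in the authority section.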