FORMERR from bind9 for reverse map for Ottawa dialup

Michael Richardson mcr at
Tue Aug 19 00:09:33 UTC 2003


>>>>> "Greg" == Greg A Woods <woods at> writes:
    Greg> [ On Sunday, August 17, 2003 at 17:51:30 (-0400), Michael
    Greg> Richardson wrote: ]
    >> Subject: FORMERR from bind9 for reverse map for Ottawa dialup
    >> Is this among issues with djdns? Or another? I will complain to the
    >> ISP who has hired this service as soon as I have the right ammunition.

    Greg> FYI and are/were, IIRC, running BIND-8.x
    Greg> (though they may have more recently been upgraded to BIND-9), and
    Greg> is, IIRC, running BIND-9.x.  The latter is an
    Greg> authoritative-only server, while the former are _STILL_ also
    Greg> recursive caching servers.

    Greg> I believe the ultimate problem is that there are no NS records in
    Greg> the zone for the record in question (i.e. in
    Greg> even though there are NS RRs in the parent
    Greg> zone (i.e. in

  That sounds like a reasonable explanation, but, I get answers for PTR.

marajade-[~] mcr 1005 %dig +norecurse ptr

; <<>> DiG 9.3.0s20021115 <<>> +norecurse ptr
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22698
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;    IN      PTR


marajade-[~] mcr 1006 %dig +norecurse txt

; <<>> DiG 9.3.0s20021115 <<>> +norecurse txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63015
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;    IN      TXT

marajade-[~] mcr 1007 %cat bin/bindversion 

for i
        dig version.bind. txt ch @$i
marajade-[~] mcr 1008 %bindversion

; <<>> DiG 9.3.0s20021115 <<>> version.bind. txt ch
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9169
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;version.bind.                  CH      TXT

    Greg> I don't know what dialdns1 and dialdns2 are running, though I
    Greg> suspect it's BIND-9 as well.

  I don't think so.
  btw, who said anything about

    >> running as a local recursive name server, I have a process doing TXT
    >> lookups on my reverse IP (a dialup from and my local named9 is
    >> logging:

    Greg> Why TXT records?  What do you expect to find?  There are no TXT
    Greg> records along with the PTRs at the authoritative servers.

  see draft-richardson-ipsec-opportunistic-12.txt.
  The lack of them is okay - it just tells my system that I must not use
my IP address as my IPsec identity.

    >> I.e. I am getting a referral from a server that is supposed to be
    >> authoritative. Note that it is authoritative for other record types!

    Greg> If your nameserver chose to query then that's the
    Greg> answer it must return.  It is only authoritative for the parent
    Greg> zone, not the zone you want to query.

  I did not.

    Greg> I'm not sure why your recursive BIND-9 server is logging a FORMERR
    Greg> instead of chasing down the authoritative servers (though at this
    Greg> time of the day I'm not sure it's supposed to either :-).  Maybe
    Greg> it's because it sees the SOA in the AUTHORITY section.  I don't
    Greg> have any problem with my test BIND-9.2.1 server, but then again I
    Greg> can't tell where it got its cached records from either.

    Greg> BTW, HOSTMASTER at UUNET.CA: You have some contacts pointing at
    Greg> hostmaster at, which bounces!!!!  Please fix your
    Greg> mailer!!!


]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr at |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat


More information about the bind-workers mailing list