FORMERR from bind9 for reverse map for Ottawa dialup

Michael Richardson mcr at sandelman.ottawa.on.ca
Tue Aug 19 00:09:33 UTC 2003




>>>>> "Greg" == Greg A Woods <woods at weird.com> writes:
    Greg> [ On Sunday, August 17, 2003 at 17:51:30 (-0400), Michael
    Greg> Richardson wrote: ]
    >> Subject: FORMERR from bind9 for reverse map for Ottawa dialup
    >> 
    >> Is this among issues with djdns? Or another? I will complain to the
    >> ISP who has hired this service as soon as I have the right ammunition.

    Greg> FYI ns.uunet.ca and ns2.uunet.ca are/were, IIRC, running BIND-8.x
    Greg> (though they may have more recently been upgraded to BIND-9), and
    Greg> auth01.ns.uu.net is, IIRC, running BIND-9.x.  The latter is an
    Greg> authoritative-only server, while the former are _STILL_ also
    Greg> recursive caching servers.

    Greg> I believe the ultimate problem is that there are no NS records in
    Greg> the zone for the record in question (i.e. in
    Greg> 157.10.64.in-addr.arpa) even though there are NS RRs in the parent
    Greg> zone (i.e. in 10.64.in-addr.arpa):

  That sounds like a reasonable explanation, but I get answers for PTR.

marajade-[~] mcr 1005 %dig +norecurse 165.157.10.64.in-addr.arpa. ptr @dialdns1.uu.net.

; <<>> DiG 9.3.0s20021115 <<>> +norecurse 165.157.10.64.in-addr.arpa. ptr @dialdns1.uu.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22698
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;165.157.10.64.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
165.157.10.64.in-addr.arpa. 3600 IN     PTR     1Cust165.tnt4.ottawa.on.da.uu.net.

marajade-[~] mcr 1006 %dig +norecurse 165.157.10.64.in-addr.arpa. txt @dialdns1.uu.net.

; <<>> DiG 9.3.0s20021115 <<>> +norecurse 165.157.10.64.in-addr.arpa. txt @dialdns1.uu.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63015
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;165.157.10.64.in-addr.arpa.    IN      TXT

marajade-[~] mcr 1007 %cat bin/bindversion 
#!/bin/sh

for i
do
        dig version.bind. txt ch @$i
done
marajade-[~] mcr 1008 %bindversion dialdns1.uu.net.

; <<>> DiG 9.3.0s20021115 <<>> version.bind. txt ch @dialdns1.uu.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9169
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind.                  CH      TXT


    Greg> I don't know what dialdns1 and dialdns2 are running, though I
    Greg> suspect it's BIND-9 as well.

  I don't think so.
  BTW, who said anything about ns.uunet.ca?

    >> running as a local recursive name server, I have a process doing TXT
    >> lookups on my reverse IP (a dialup from uu.net) and my local named9 is
    >> logging:

    Greg> Why TXT records?  What do you expect to find?  There are no TXT
    Greg> records along with the PTRs at the authoritative servers.

  See draft-richardson-ipsec-opportunistic-12.txt.
  The lack of them is okay - it just tells my system that I must not use
my IP address as my IPsec identity.

    >> I.e. I am getting a referral from a server that is supposed to be
    >> authoritative. Note that it is authoritative for other record types!

    Greg> If your nameserver chose to query auth01.ns.uu.net then that's the
    Greg> answer it must return.  It is only authoritative for the parent
    Greg> zone, not the zone you want to query.

  I did not.

    Greg> I'm not sure why your recursive BIND-9 server is logging a FORMERR
    Greg> instead of chasing down the authoritative servers (though at this
    Greg> time of the day I'm not sure it's supposed to either :-).  Maybe
    Greg> it's because it sees the SOA in the AUTHORITY section.  I don't
    Greg> have any problem with my test BIND-9.2.1 server, but then again I
    Greg> can't tell where it got its cached records from either.

    Greg> BTW, HOSTMASTER at UUNET.CA: You have some contacts pointing at
    Greg> hostmaster at ns.uunet.ca, which bounces!!!!  Please fix your
    Greg> mailer!!!

  yeah....

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [
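The thread turns on whether a reply with an empty answer section is an authoritative "no such data" or a referral to other servers. The following is an added example, not part of the original message: a hypothetical `classify_dig` helper that reads one dig response and names the case from the status, the `aa` flag, the section counts and any SOA/NS records in the authority section. The referral sample is constructed with documentation names.

```shell
# Added example: classify one dig response read from stdin.
classify_dig() {
    awk '
    /^;; ->>HEADER<<-/ {                       # response code
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {                             # aa bit and section counts
        flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
        aa = ((" " flags " ") ~ / aa /)
        for (i = 1; i < NF; i++) {
            if ($i == "ANSWER:")    answer = $(i + 1) + 0
            if ($i == "AUTHORITY:") auth   = $(i + 1) + 0
        }
    }
    /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
    /^;; / || /^$/           { in_auth = 0 }   # another header or a blank line ends it
    in_auth && $4 == "SOA"   { soa = 1 }
    in_auth && $4 == "NS"    { ns = 1 }
    END {
        if (status == "")             print "unparsed"
        else if (status != "NOERROR") print status
        else if (answer > 0)          print (aa ? "authoritative-answer" : "cached-answer")
        else if (soa || (aa && !ns))  print "nodata"
        else if (auth > 0)            print "referral"
        else                          print "empty"
    }'
}

# Header lines as shown in the post for the TXT query (no authority section shown there).
sample_txt() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63015' \
        ';; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
}

# Constructed referral using documentation names; not captured from any server.
sample_referral() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1' \
        ';; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0' \
        '' \
        ';; AUTHORITY SECTION:' \
        '2.0.192.in-addr.arpa. 3600 IN NS ns1.example.net.' \
        '2.0.192.in-addr.arpa. 3600 IN NS ns2.example.net.'
}
sample_txt | classify_dig        # nodata
sample_referral | classify_dig   # referral
```

Piping live output works the same way, for example `dig +norecurse <name> txt @<server> | classify_dig`.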

