SERVFAIL/FORMERR/EINVAL on AAAA query
Evaldas Auryla
evaldas.auryla at pheur.org
Thu Jul 27 09:58:39 UTC 2006
Greetings,
Need an advice here, any idea what could be wrong with t_AAAA queries on
these hosts ? :
emi.lancasterlabs.com.
smail.lancasterlabs.com.
mail.iss.it.
Using BIND v9.3.x, I get SERVFAIL:
==========
10:40:24 root at zaibas:~# rndc flush
10:40:29 root at zaibas:~# dig AAAA emi.lancasterlabs.com.
; <<>> DiG 9.3.2 <<>> AAAA emi.lancasterlabs.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62077
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;emi.lancasterlabs.com. IN AAAA
;; Query time: 1260 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 27 10:40:31 2006
;; MSG SIZE rcvd: 39
==========
with further details revealing FORMERR in debug log:
==========
27-Jul-2006 09:55:37.552 resolver: resquery 0x83a1c00 (fctx
0x8250a00(emi.lancasterlabs.com/AAAA)): response
27-Jul-2006 09:55:37.552 general: message has 3 byte(s) of trailing garbage
27-Jul-2006 09:55:37.552 resolver: received packet:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49309
;; flags: qr aa ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;emi.lancasterlabs.com. IN AAAA
;; AUTHORITY SECTION:
lancasterlabs.com. 86400 IN SOA lancasterlabs.com.
administrator.lancasterlabs.com. 998545544 28800 7200 6
04800 86400
27-Jul-2006 09:55:37.552 resolver: fctx
0x8250a00(emi.lancasterlabs.com/AAAA'): noanswer_response
27-Jul-2006 09:55:37.552 resolver: fctx
0x8250a00(emi.lancasterlabs.com/AAAA'): cancelquery
27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000 response 0x852b300
65.163.209.74#53: detaching from task 0x823d600
27-Jul-2006 09:55:37.552 dispatch: dispatch 0x8229000: detach: refcount 6
27-Jul-2006 09:55:37.552 resolver: fctx
0x8250a00(emi.lancasterlabs.com/AAAA'): add_bad
27-Jul-2006 09:55:37.552 lame-servers: FORMERR resolving
'emi.lancasterlabs.com/AAAA/IN': 65.163.209.74#53
==========
Tried to trace the thing and FORMERR is returned from following part of
noanswer_response() code:
===== resolver.c lines 4252-4272 =====
/*
* Did we find anything?
*/
if (!negative_response && ns_name == NULL) {
/*
* Nope.
*/
if (oqname != NULL) {
/*
* We've already got a partial CNAME/DNAME chain,
* and haven't found else anything useful here, but
* no error has occurred since we have an answer.
*/
return (ISC_R_SUCCESS);
} else {
/*
* The responder is insane.
*/
return (DNS_R_FORMERR);
}
}
==========
The problem is that on FreeBSD boxes (starting with FreeBSD v5.3 and up,
my guess is when BIND v9 resolver was integrated) sendmail now gets
h_errno=EINVAL (errno=h_errno below) for these queries, so resolver
option WorkAroundBrokenAAAA is not working anymore:
===== sendmail v8.13.6 daemon.c lines 2318-2326 =====
if (WorkAroundBrokenAAAA && family == AF_INET6 &&
errno == ETIMEDOUT)
{
/*
** An attempt with family AF_INET may
** succeed By skipping the next section
** of code, we will try AF_INET before
** failing.
==========
Regards,
Evaldas
More information about the bind-users
mailing list