Understanding 'format error" Messages
Mark Andrews
marka at isc.org
Thu Apr 15 23:52:48 UTC 2010
In message <20100415204352.3695B4017A at britaine.cis.anl.gov>, b19141 at anl.gov wri
tes:
> I am trying to understand "format error" messages like this one from
> BIND 9.7.0-P1:
>
> Apr 15 15:36:02 dnsserver.it.anl.gov named[8662]:
> [ID 873579 daemon.notice] DNS format error
> from 209.234.234.42#53 resolving markets.nytimes.wallst.com/AAAA
> for client 164.54.214.14#13132: invalid response
>
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42
>
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; markets.nytimes.wallst.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> markets.nytimes.wallst.com. 1M IN A 209.234.225.89
>
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42 209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:39 2010
> ;; MSG SIZE sent: 44 rcvd: 60
>
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42 AAAA
>
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42 AAAA
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; markets.nytimes.wallst.com, type = AAAA, class = IN
>
> ;; AUTHORITY SECTION:
> wallst.com. 1M IN SOA lb-www-p1-bb2-01.mgmt.local. hostmast
> er.lb-www-p1-bb2-01.mgmt.local. (
> 390 ; serial
> 3H ; refresh
> 1H ; retry
> 1W ; expiry
> 1M ) ; minimum
>
>
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42 209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:56 2010
> ;; MSG SIZE sent: 44 rcvd: 118
>
> dnsserver%
>
> I do not see what the error is in the response to the AAAA query.
In this case the wrong SOA is being returned.
Looks like yet another badly configured load balancer where the
backing nameserver has the wrong zone configured, "wallst.com"
rather than the correct zone "markets.nytimes.wallst.com".
Mark
; <<>> DiG 9.3.6-P1 <<>> +trace markets.nytimes.wallst.com aaaa
;; global options: printcmd
. 309595 IN NS l.root-servers.net.
. 309595 IN NS g.root-servers.net.
. 309595 IN NS b.root-servers.net.
. 309595 IN NS k.root-servers.net.
. 309595 IN NS e.root-servers.net.
. 309595 IN NS i.root-servers.net.
. 309595 IN NS m.root-servers.net.
. 309595 IN NS j.root-servers.net.
. 309595 IN NS f.root-servers.net.
. 309595 IN NS c.root-servers.net.
. 309595 IN NS a.root-servers.net.
. 309595 IN NS d.root-servers.net.
. 309595 IN NS h.root-servers.net.
;; Received 492 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 507 bytes from 2001:500:3::42#53(l.root-servers.net) in 184 ms
wallst.com. 172800 IN NS dns01.wallst.com.
wallst.com. 172800 IN NS dns02.wallst.com.
wallst.com. 172800 IN NS dns03.wallst.com.
wallst.com. 172800 IN NS ns4.wallst.com.
;; Received 186 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 177 ms
markets.nytimes.wallst.com. 300 IN NS gtm02.wallst.com.
markets.nytimes.wallst.com. 300 IN NS gtm03.wallst.com.
markets.nytimes.wallst.com. 300 IN NS gtm01.wallst.com.
;; Received 178 bytes from 209.234.224.41#53(dns01.wallst.com) in 206 ms
wallst.com. 60 IN SOA lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. 400 10800 3600 604800 60
;; Received 118 bytes from 209.234.234.42#53(gtm02.wallst.com) in 206 ms
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 240, Room 5.B.8 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list