Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

David Miller dmiller at tiggee.com
Thu Feb 9 04:05:28 UTC 2012 

On 2/8/2012 10:32 PM, Matt Doughty wrote:
> I have spend the afternoon trying to figure this out. The response I
> get back from their nameserver looks fine to me, and dig +trace works
> fine, but a regular dig returns a servfail. I have looked at the code
> for invalid response, but I don't quite follow what is going on there,
> and the comment 'responder is insane' leaves something to be desired.
> Any help would be appreciated here. I have included the dig +trace
> output below:
>
> dig +trace winqual.partners.extranet.microsoft.com.
>
> ;<<>>  DiG 9.7.0-P1<<>>  +trace winqual.partners.extranet.microsoft.com.
> ;; global options: +cmd
> .                       518004  IN      NS      j.root-servers.net.
> .                       518004  IN      NS      e.root-servers.net.
> .                       518004  IN      NS      l.root-servers.net.
> .                       518004  IN      NS      c.root-servers.net.
> .                       518004  IN      NS      m.root-servers.net.
> .                       518004  IN      NS      d.root-servers.net.
> .                       518004  IN      NS      b.root-servers.net.
> .                       518004  IN      NS      h.root-servers.net.
> .                       518004  IN      NS      k.root-servers.net.
> .                       518004  IN      NS      a.root-servers.net.
> .                       518004  IN      NS      g.root-servers.net.
> .                       518004  IN      NS      i.root-servers.net.
> .                       518004  IN      NS      f.root-servers.net.
> ;; Received 228 bytes from 172.16.255.1#53(172.16.255.1) in 1 ms
>
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> ;; Received 497 bytes from 192.33.4.12#53(c.root-servers.net) in 18 ms
>
> microsoft.com.          172800  IN      NS      ns3.msft.net.
> microsoft.com.          172800  IN      NS      ns1.msft.net.
> microsoft.com.          172800  IN      NS      ns5.msft.net.
> microsoft.com.          172800  IN      NS      ns2.msft.net.
> microsoft.com.          172800  IN      NS      ns4.msft.net.
> ;; Received 235 bytes from 192.43.172.30#53(i.gtld-servers.net) in 67 ms
>
> partners.extranet.microsoft.com. 3600 IN NS     dns10.one.microsoft.com.
> partners.extranet.microsoft.com. 3600 IN NS     dns13.one.microsoft.com.
> partners.extranet.microsoft.com. 3600 IN NS     dns11.one.microsoft.com.
> partners.extranet.microsoft.com. 3600 IN NS     dns12.one.microsoft.com.
> ;; Received 236 bytes from 64.4.59.173#53(ns2.msft.net) in 3 ms
>
> winqual.partners.extranet.microsoft.com. 10 IN A 131.107.97.31
> ;; Received 112 bytes from 131.107.125.65#53(dns10.one.microsoft.com) in 23 ms
>

If I just dig at their servers for NS, I get a trunc and retry over TCP 
that times out.

If I signal a bufsize, I get back a 777 byte response with NS that don't 
match the parent and an additional full of private 10/8 addresses

# dig +norecurse +bufsize=1024 ns partners.extranet.microsoft.com 
@dns10.one.microsoft.com.

; <<>> DiG 9.8.1 <<>> +norecurse +bufsize=1024 ns 
partners.extranet.microsoft.com @dns10.one.microsoft.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10678
;; flags: qr ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 17

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN    NS

;; ANSWER SECTION:
partners.extranet.microsoft.com. 1076 IN NS     
tk5-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
kaw-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
co2-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
co2-ptnr-dc-01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
tk5-ptnr-dc-01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
db3-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
db3-ptnr-dc-01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
tk5-ptnr-dc-03.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
sin-ptnr-dc-03.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
rno-ptnr-dc-01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
ph1-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
ph1-ptnr-dc-01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
sin-ptnr-dc-02.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
sinxtdnsz01.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
tk5-ptnr-dc-05.partners.extranet.microsoft.com.
partners.extranet.microsoft.com. 1076 IN NS     
kaw-ptnr-dc-03.partners.extranet.microsoft.com.

;; ADDITIONAL SECTION:
tk5-ptnr-dc-02.partners.extranet.microsoft.com. 65 IN A 10.251.51.102
kaw-ptnr-dc-02.partners.extranet.microsoft.com. 3564 IN A 10.251.162.20
co2-ptnr-dc-02.partners.extranet.microsoft.com. 3196 IN A 10.251.152.89
co2-ptnr-dc-01.partners.extranet.microsoft.com. 2092 IN A 10.251.152.173
tk5-ptnr-dc-01.partners.extranet.microsoft.com. 2307 IN A 10.251.51.13
db3-ptnr-dc-02.partners.extranet.microsoft.com. 2887 IN A 10.251.138.59
db3-ptnr-dc-01.partners.extranet.microsoft.com. 2518 IN A 10.251.138.15
tk5-ptnr-dc-03.partners.extranet.microsoft.com. 1925 IN A 10.251.52.124
sin-ptnr-dc-03.partners.extranet.microsoft.com. 3109 IN A 10.251.168.67
rno-ptnr-dc-01.partners.extranet.microsoft.com. 2498 IN A 10.251.64.113
ph1-ptnr-dc-02.partners.extranet.microsoft.com. 2552 IN A 10.251.26.12
ph1-ptnr-dc-01.partners.extranet.microsoft.com. 3357 IN A 10.251.26.11
sin-ptnr-dc-02.partners.extranet.microsoft.com. 2897 IN A 10.251.169.47
sinxtdnsz01.partners.extranet.microsoft.com. 897 IN A 10.251.168.142
tk5-ptnr-dc-05.partners.extranet.microsoft.com. 3234 IN A 10.251.52.143
kaw-ptnr-dc-03.partners.extranet.microsoft.com. 1140 IN A 10.251.162.193

;; Query time: 70 msec
;; SERVER: 131.107.125.65#53(131.107.125.65)
;; WHEN: Thu Feb  9 04:03:26 2012
;; MSG SIZE  rcvd: 777

-DMM

More information about the bind-users mailing list