Understanding cause of DNS format error (FORMERR)
Barry Margolin
barmar at alum.mit.edu
Tue Jun 26 14:09:44 UTC 2012
In article <mailman.1144.1340718471.63724.bind-users at lists.isc.org>,
Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> For a NXDOMAIN response, or NOERROR with an empty answer section, the
> server should provide the SOA record in the authority section. That SOA
> is the apex of the zone which doesn't contain the answer record you
> asked for, if you see what I mean. The server is proving that it has
> authority to tell you that the information doesn't exist.
More important, the SOA record contains the TTL that should be used for
the negative cache entry.
>
> The fact that looking for nonexistent data for
> vlasext.partners.extranet.microsoft.com returns the
> partners.extranet.microsoft.com SOA record shows that the vlasext
> subdomain has not been delegated. The servers should therefore be able
> to offer an authoritative answer for data that does exist for
> vlasext.etc... but they don't.
This type of inconsistency often suggests a DNS-based load balancer is
involved.
--
Barry Margolin
Arlington, MA
More information about the bind-users
mailing list