DNS Format error ...
Mark Andrews
marka at isc.org
Wed Mar 28 21:20:02 UTC 2012
The problem is that their servers are returning non-authoritative
answers from the cache without also adding the NS records for the
child zone to allow the interative resolver to find a authoritative
answer. The parent server is configured as a recursive server not
a authoritative server.
On top of that you appear to be running BIND 9.7.0 which rejects
non-authoritative answers when it is supposed to be talking to
authoritative servers. Upgrade named and you should be fine.
Mark
In message <01f1f5b3-72a3-4bb7-a506-5cc4fc1d4246 at mail1.datasyncorp.com>, Tim Kel
ley writes:
>
> We've been having this issues with neweggbusiness.com - it seems the A rec for
> neweggbusiness.com is round robin load balanced:
>
> ;; ANSWER SECTION:
> neweggbusiness.com. 3600 IN A 216.52.208.154
> neweggbusiness.com. 3600 IN A 204.14.213.154
>
> ;; ANSWER SECTION:
> neweggbusiness.com. 3600 IN NS dns2.magnellmail.net.
> neweggbusiness.com. 3600 IN NS dns1.magnellmail.net.
>
> ... and "www.neweggbusiness.com" is an actual zone delegated to a different se
> t of name servers
>
> ;; ANSWER SECTION:
> www.neweggbusiness.com. 3600 IN NS ns14b.newegg.com.
> www.neweggbusiness.com. 3600 IN NS ns13b.newegg.com.
>
> The website uses links with both these names, and much of it doesn't work when
> using our bind server for recursive queries - the A rec for "www.neweggbusine
> ss.com" does not resolve using my bind9 server (DNS format error), but does re
> turn if I query the NS for neweggbusiness.com directly (below). I see this is
> not an authoritative answer, which it should be for the A record, no? The zone
> delegation and the A rec for www.neweggbusiness.com should both exist on the
> NS for parent zone, right? Is this the problem? If I dig against the NS for "w
> ww.neweggbusiness.com" I get an aa flag, but I should get an aa flag from the
> nameservers for the parent zone on that same query, I think. Nevertheless, the
> site works for most people - google's nameserver (8.8.8.8) seems to have no p
> roblem with it, for example.
>
> querying the NS for neweggbusiness.com -
>
> dig @216.52.208.156 www.neweggbusiness.com a
>
> ; <<>> DiG 9.7.0-P1 <<>> @216.52.208.156 www.neweggbusiness.com a
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13532
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.neweggbusiness.com. IN A
>
> ;; ANSWER SECTION:
> www.neweggbusiness.com. 1348 IN A 216.52.208.168
>
> ;; Query time: 61 msec
> ;; SERVER: 216.52.208.156#53(216.52.208.156)
> ;; WHEN: Wed Mar 28 09:29:50 2012
> ;; MSG SIZE rcvd: 56
>
>
>
> Tim Kelley
> tim at c4tech.com
> 504-896-8324
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list