What does this mean?

Jim Reid jim at rfc1035.com
Mon Dec 4 11:06:24 UTC 2000


>>>>> "Ricardo" == Ricardo Manuel Oliveira <rmo at eurotux.com> writes:

    Ricardo>  Today I started receiving these messages in bind's logs:

    Ricardo> 04-Dec-2000 04:02:40.639 response-checks: Malformed response from [xxx.xxx.xxx.xxx].53 (query section mismatch (xxx.xxx.xxx.xxx.in-addr.arpa IN PTR))
    Ricardo> 04-Dec-2000 04:02:41.242 response-checks: Malformed response from [xxx.xxx.xxx.xxx].53 (query section mismatch (xxx.xxx.xxx.xxx.in-addr.arpa IN PTR))

    Ricardo>  What does this mean? (No, the xxx.xxx.xxx.xxx isn't one
    Ricardo> of my machines).

The messages mean what they say. Your name server thinks the reply
from xxx.xxx.xxx.xxx was mangled. The query section of the reply was
wrong. It looks like your server believes the answer didn't contain
the query that your server originally asked. This means there's a
protocol error between the xxx.xxx.xxx.xxx name server and yours. It
could be that server is sending corrupt packets or your server is
failing to decode correctly formatted packets. Or something in between
the servers is corrupting them. FYI, an a-z of common BIND error
messages is available on Cricket Liu's website. See:
	http://www.acmebw.com/askmrdns/bind-messages.htm

Now, if you'd supplied the actual logs, AS IS, someone might have been
able to query the offending server and take a look at the packets. But
since you deliberately concealed this information with xxx.xxx.xxx.xxx
crap - WHY? - that opportunity has been lost.

ALWAYS, ALWAYS provide the real information when you ask questions
here. First of all, it means any replies you get can refer to the
actual data, instead of vague nonsense about xxx.xxx.xxx.xxx and so
on. This avoids all sorts of confusion. [Because you mangled the log
messages in your posting, I'll leave it up to you to figure out which
of the xxx.xxx.xxx.xxx references in my answer refer to
xxx.xxx.xxx.xxx the IP address and which refer to xxx.xxx.xxx.xxx the
PTR query. Or maybe they both refer to the IP address. Or maybe they
don't. Do you see the sort of confusion you can make for everyone by
hiding useful and relevant information?] Secondly, access to real
information allows someone to troubleshoot the problem by querying
remote name servers, check delegations, etc, etc. If you can't/won't
provide that information, that help isn't possible. And it is help
you're after, right? Thirdly, quoting real information prevents any
confusion with made up "pretend" or example names that really exist,
like mydomain.com for instance. Finally, the real information can help
someone figure out what's wrong when the question is badly worded or
when it uses incorrect or misleading technical terms.
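
The check behind a "query section mismatch" log line, sketched as an added example that is not part of the original post and is not BIND's own code: a resolver compares the question echoed in a reply with the question it sent. The function names, the reason strings other than "query section mismatch", and the sample packets (built for a documentation-range address) are assumptions made for illustration.

```python
import struct

def build_query(qid, name, qtype=12, qclass=1, flags=0x0100):
    """Encode a one-question DNS message (qtype 12 = PTR, qclass 1 = IN)."""
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return (struct.pack("!6H", qid, flags, 1, 0, 0, 0) + labels + b"\x00"
            + struct.pack("!2H", qtype, qclass))

def parse_question(msg):
    """Return (id, qdcount, name, qtype, qclass) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    qid, _flags, qdcount = struct.unpack("!3H", msg[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63:          # compression pointer or reserved label type
            raise ValueError("unexpected label type in question")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    # DNS names compare case-insensitively, so normalise before comparing.
    return qid, qdcount, ".".join(labels).lower(), qtype, qclass

def check_response(query, response):
    """Return None if the reply echoes the query's question, else a reason."""
    try:
        sent, got = parse_question(query), parse_question(response)
    except ValueError as exc:
        return "malformed message (%s)" % exc
    if got[0] != sent[0]:
        return "ID mismatch"
    if got[1] != 1:
        return "question count is %d" % got[1]
    if got[2:] != sent[2:]:      # name, type or class differs from what was asked
        return "query section mismatch"
    return None

# Constructed sample packets: one PTR query and two replies (flags 0x8180).
QUERY = build_query(0x1234, "1.2.0.192.in-addr.arpa")
GOOD = build_query(0x1234, "1.2.0.192.IN-ADDR.ARPA", flags=0x8180)
BAD = build_query(0x1234, "2.2.0.192.in-addr.arpa", flags=0x8180)
```

`check_response(QUERY, GOOD)` returns `None`, while `check_response(QUERY, BAD)` returns the mismatch reason, whether the cause is a broken remote server, corruption in transit, or a reply that does not belong to the outstanding query.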




More information about the bind-users mailing list