refused query on non-query socket from...

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Mar 6 11:13:52 UTC 2002 

> Mark_Andrews at isc.org wrote:
> 
> >         There are BROKEN nameservers that fail to set "QR" when
> > they         respond to a EDNS query.  When BIND 8.3 sees a reply like
> > the         following it will generate a "refused query on non-query
> > socket"         message.
> >
> >         Mark
> 
> What does it mean exactly ?

	BIND 8.3 supports EDNS (RFC 2671: Extension Mechanisms for
	DNS) which allows for bigger UDP answers to be sent.  There
	is no way to know in advance if the remote server supports
	EDNS or not.  You just make a query and when you get a
	FORMERR/NOTIMP/SERVFAIL response to a ENDS query you cache
	the fact that the remote server does not understand (except
	for SERFAIL) and retry without EDNS.  You also retry without
	EDNS if the first query timesout as there are some server
	that fail to send back error messages when they detect
	something they don't understand.

	Now responses are *supposed* to have Query Response (QR)
	set in the header (RFC 1034 / RFC 1035).  This allows servers
	that use the same socket for both receiving and making
	queries sort the queries from the responses.

	The server in question is NOT setting QR and as named uses
	a different socket (by default) for making queries to the
	one in receives queries on it is detecting this error and
	logging the message.

> I'm also getting lots of messages like this.
> 
> Is it a problem of the dns that generates the log message or from the dns
> your querying ?

	It's a problem with the remote server.  It is also slowing
	up resolution because the message gets dropped and the
	nameserver has to timeout rather that performing a fast
	retry which it will when it gets a answer indicating the
	remote server does not understand EDNS.
 
	The reason you see a lot of errors is that the remote server
	is a load balancer.  The answers it returns have a low TTL
	so you have to query it a lot more.  Named also don't see a
	cachable indication that the remote server does not understand
	ENDS.  As far as named is concerned it is behind a link
	that is dropping packets.

	Mark

>         Cheers
> 
> J.J.D
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list