formerr for some queries until named restarted

Kal Feher kal.feher at melbourneit.com.au
Mon Aug 6 07:27:12 UTC 2007


Others have responded with alternative configurations, so I'll not repeat
those.

If you'd like to investigate further, regardless of the ultimate
configuration, then please note:

FORMERR means the remote server replied that the query had a format
error. There are a bunch of reasons why DNS servers respond with FORMERR. In
this regard, search engines are your friend ;) Perhaps the log on the modem
may be of assistance?

Due to the nature of DSL services you may wish to retry the query soon
afterwards, but after the negative cache has expired for the zone in
question.

It appears that linux box->modem is the issue, so the suggestions
from this list may well sidestep the issue by using the root servers.

Alternatively, if your ISP needs those precious few bytes of bandwidth that
customer lookups will rob them of, you could forward to a name server they
provide for customers (may be in the modem's configuration); hopefully they
will handle the requests better than the modem.

On 6/8/07 3:00 PM, "Jason Grant" <expires07 at logular.com> wrote:

> I have an ADSL modem that can operate as a nameserver, albeit without a
> caching capability.
> 
> To introduce some caching on my home network, I've set up bind9.4 on
> fedora7 as shown below.  It forwards to the modem when it does not have
> an answer in its cache, and it is running in IPV4 mode with the -4
> switch.
> 
> With this setup, I regularly have a problem with named returning
> SERVFAIL, and logging FORMERRs for particular queries (sample below).
> After named returns an error it continues to do so for the same query
> until it is restarted.   If I query the modem directly, it resolves the
> name without a problem.  After restarting named, the query works fine.
> 
> Another possible clue: this fault seems to occur repeatedly only for a
> handful of queries.  In recent days, I've encountered this problem
> repeatedly for the following names, whereas others work fine:
> 
> FORMERR resolving 'addons.glb.mozilla.com/A/IN': 192.168.1.1#53
> FORMERR resolving 'download.eclipse.org/A/IN': 192.168.1.1#53
> FORMERR resolving 'ftp.nai.com/A/IN': 192.168.1.1#53
> FORMERR resolving 'madheifer.pacific.net.au/A/IN': 192.168.1.1#53
> FORMERR resolving 'mail.internode.on.net/A/IN': 192.168.1.1#53
> FORMERR resolving 'subclipse.tigris.org/A/IN': 192.168.1.1#53
> FORMERR resolving 'update.nai.com/A/IN': 192.168.1.1#53
> 
> Possible causes or troubleshooting tips appreciated.
> 
> Thanks,
> 
> Jason.
> 
> # -------------------------------------------------
> # My named.conf
> # -------------------------------------------------
> // Define an access list for our internal network
> acl internal { 192.168.1.0/24; 127.0.0.1; };
> 
> options {
>         directory       "/var/named";
> 
>         // Forwarding occurs only on those queries for which the server
>         // is not authoritative and does not have an answer in its cache
>         forward only;
>         // adsl modem (running in router mode with DNS)
>         forwarders {
>                 192.168.1.1;
>                 };
> 
>         # listen on localhost and internal interface only
>         listen-on port 53 { 127.0.0.1; 192.168.1.254; };
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         query-source    port 53;
>         allow-query     { internal; };
> };
> 
> # -------------------------------------------------
> # Oops, named cannot resolve my ISP's mail server
> # -------------------------------------------------
> [jas at talby ~]$ dig mail.internode.on.net
> 
> ; <<>> DiG 9.4.1 <<>> mail.internode.on.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60323
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mail.internode.on.net.         IN      A
> 
> ;; Query time: 18 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Mon Aug  6 14:29:12 2007
> ;; MSG SIZE  rcvd: 39
> 
> # -------------------------------------------------
> # It logged a FORMERR during the query above
> # -------------------------------------------------
> Aug  6 14:28:22 talby named[5074]: FORMERR resolving
> 'mail.internode.on.net/A/IN': 192.168.1.1#53
> 
> # -------------------------------------------------
> # After restarting named, the query works fine
> # -------------------------------------------------
> [jas at talby ~]$ dig mail.internode.on.net
> 
> ; <<>> DiG 9.4.1 <<>> mail.internode.on.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61635
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> 
> ;; QUESTION SECTION:
> ;mail.internode.on.net.         IN      A
> 
> ;; ANSWER SECTION:
> mail.internode.on.net.  41      IN      A       203.16.214.182
> 
> ;; AUTHORITY SECTION:
> internode.on.net.       1086    IN      NS      ns3.on.net.
> internode.on.net.       1086    IN      NS      ns2.on.net.
> internode.on.net.       1086    IN      NS      ns4.on.net.
> internode.on.net.       1086    IN      NS      ns1.on.net.
> 
> ;; ADDITIONAL SECTION:
> ns1.on.net.             40942   IN      A       216.200.145.64
> ns2.on.net.             40911   IN      A       192.231.203.2
> ns3.on.net.             40942   IN      A       192.83.231.19
> ns4.on.net.             43812   IN      A       192.231.203.3
> 
> ;; Query time: 68 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Mon Aug  6 14:30:50 2007
> ;; MSG SIZE  rcvd: 191
> 
> 

-- 
Kal Feher
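
As an added example, not part of the original message: a small Python triage script that tallies named's FORMERR entries, in the log format quoted above, per upstream server and per query name, so it is clear whether a single forwarder and a fixed set of names account for the failures. The sample log lines are constructed, and the function names and the repeat threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread. The second
# entry is wrapped across two lines, as it appears in the quoted message.
SAMPLE_LOG = """\
Aug  6 14:21:03 talby named[5074]: FORMERR resolving 'update.nai.com/A/IN': 192.168.1.1#53
Aug  6 14:28:22 talby named[5074]: FORMERR resolving
'mail.internode.on.net/A/IN': 192.168.1.1#53
Aug  6 14:29:10 talby named[5074]: FORMERR resolving 'mail.internode.on.net/A/IN': 192.168.1.1#53
Aug  6 14:30:01 talby named[5074]: client 192.168.1.20#40112: query: example.com IN A
"""

# \s+ after "resolving" also matches a line break, so wrapped entries parse.
FORMERR_RE = re.compile(
    r"named\[\d+\]:\s+FORMERR resolving\s+"
    r"'(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)':\s+"
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)


def parse_formerr(log_text):
    """Return one (server, name, qtype) tuple per FORMERR entry in the log."""
    return [(m["server"], m["name"], m["qtype"])
            for m in FORMERR_RE.finditer(log_text)]


def per_server(entries):
    """Count FORMERR entries per upstream server address."""
    return Counter(server for server, _, _ in entries)


def repeat_offenders(entries, threshold=2):
    """List (server, name, qtype, count) for names that failed at least
    `threshold` times against the same upstream (threshold is an assumption)."""
    counts = Counter(entries)
    return sorted((srv, name, qtype, n)
                  for (srv, name, qtype), n in counts.items() if n >= threshold)


if __name__ == "__main__":
    entries = parse_formerr(SAMPLE_LOG)
    for server, total in per_server(entries).items():
        print(f"{server}: {total} FORMERR entries")
    for srv, name, qtype, n in repeat_offenders(entries):
        print(f"repeated: {name}/{qtype} via {srv} x{n}")
```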



