RCODE, FORMERR, and bad auth Errors

Mark Andrews Mark_Andrews at isc.org
Thu Nov 6 00:31:44 UTC 2008 

In message <49123512.1020204 at chrysler.com>, Kevin Darcy writes:
> I can resolve ns2.escapia.com/AAAA fine from both of those nameservers 
> so either it was a temporary problem on the remote end, or you have some 
> middlebox molesting your DNS packets.
> 
>                                                                          
>                            - Kevin

	I see a referral.  For it to be a negative answer there
	needs to the SOA record in the authority section, AA=1 is
	not enough.  See RFC 2308.

	For it not the be a referral there needs to be a answer in
	the answer section or there needs to be a SOA record in the
	authority section.  The answers being returned from
	*.ultradns.net have neither.

	Bcc'd Support at UltraDNS.com so hopefully they can raise the
	issue with engineering.
	
	Mark

escapia.com.            172800  IN      NS      udns1.ultradns.net.
escapia.com.            172800  IN      NS      udns2.ultradns.net.
;; Received 117 bytes from 192.12.94.30#53(e.gtld-servers.net) in 4102 ms

escapia.com.            86400   IN      NS      pdns6.ultradns.co.uk.
escapia.com.            86400   IN      NS      pdns5.ultradns.info.
escapia.com.            86400   IN      NS      pdns4.ultradns.org.
escapia.com.            86400   IN      NS      pdns3.ultradns.org.
escapia.com.            86400   IN      NS      pdns2.ultradns.net.
escapia.com.            86400   IN      NS      pdns1.ultradns.net.
escapia.com.            86400   IN      NS      escapia.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 234 bytes from 204.69.234.1#53(udns1.ultradns.net) in 169 ms

 
> Steve Koon wrote:
> > I am getting some error messages in my primary dns server log file and
> > was wondering if I could get a little help on what steps to take that
> > would resolve these.
> >  
> >
> > Thanks,
> >
> > Steve
> >
> >  
> >
> >  
> >
> >  
> >
> > ===== Snapshot of the Primary Log file =====
> >
> > zone mthoodrentals.com/IN: sending notifies (serial 2008110402)
> >
> > unexpected RCODE (SERVFAIL) resolving 'ns2.escapia.com/AAAA/IN':
> > 63.251.161.33#53
> >
> > FORMERR resolving 'ns2.escapia.com/AAAA/IN': 204.69.234.1#53
> >
> > FORMERR resolving 'ns2.escapia.com/AAAA/IN': 204.74.101.1#53
> >
> > too many timeouts resolving 'ns2.escapia.com/AAAA' (in 'escapia.com'?):
> > disabling EDNS
> >
> > client 69.25.129.118#1886: transfer of 'bigtreesvacationrentals.com/IN':
> > AXFR started
> >
> > client 69.25.129.118#1886: transfer of 'bigtreesvacationrentals.com/IN':
> > AXFR ended
> >
> > client 69.25.129.117#4523: transfer of 'bigtreesvacationrentals.com/IN':
> > AXFR started
> >
> > client 69.25.129.117#4523: transfer of 'bigtreesvacationrentals.com/IN':
> > AXFR ended
> >
> > invalid command from 127.0.0.1#1454: bad auth
> >
> >  
> >
> >  
> >
> > ===== Primary name.conf =====
> >
> > options {
> >
> >  
> >
> >         directory "C:\WINDOWS\system32\dns\etc";
> >
> >         dump-file "C:\WINDOWS\system32\dns\etc\named\dump\nameddump.db";
> >
> >         statistics-file
> > "C:\WINDOWS\system32\dns\etc\named\stats\named.stats";
> >
> >             pid-file "C:\WINDOWS\system32\dns\etc\named\run\named.pid";
> >
> >             recursion yes;
> >
> >             zone-statistics yes;
> >
> >         forwarders { 63.251.161.33 ; 63.251.161.1; };
> >
> >  
> >
> >         #forward first;
> >
> >  
> >
> >         listen-on-v6 { any; };
> >
> >             dnssec-enable yes;
> >
> > };
> >
> >  
> >
> > key "rndc-key" { algorithm hmac-md5; secret "?????????????????????"; };
> >
> >  
> >
> > controls {
> >
> >             inet 127.0.0.1 port 953 allow { localhost; } keys {
> > "rndc-key"; };
> >
> > };
> >
> >  
> >
> >             logging{
> >
> >             channel my_log{
> >
> >                         file
> > "C:\WINDOWS\system32\dns\etc\named\log\named.log" versions 3 size 250k;
> >
> >                         severity info;
> >
> >             };
> >
> >             category default{
> >
> >                         my_log;
> >
> >             };
> >
> > };
> >
> >  
> >
> >  
> >
> > zone "." in {
> >
> >         type hint;
> >
> >         file "named\zones\root.servers";
> >
> > };
> >
> >  
> >
> > zone "localhost" in {
> >
> >         type master;
> >
> >         file "named\zones\master.localhost";
> >
> > };
> >
> >  
> >
> > zone "0.0.127.in-addr.arpa" in {
> >
> >         type master;
> >
> >         file "named\zones\localhost.rev";
> >
> > };
> >
> >  
> >
> >  
> >
> > # Reverse Zone for 69.25.129.0
> >
> > zone "129.25.69.IN-ADDR.ARPA" in {
> >
> >         type master;
> >
> >         file
> > "C:\WINDOWS\system32\dns\etc\named\zones\129.25.69.IN-ADDR.ARPA";
> >
> >             
> >
> > };
> >
> >  
> >
> > #
> >
> > zone bigtreesvacationrentals.com. in {
> >
> >         type master;
> >
> >         file
> > "C:\WINDOWS\system32\dns\etc\named\zones\bigtreesvacationrentals.com.zon
> > e";
> >
> > };
> >
> >  
> >
> > #
> >
> > zone mthoodrentals.com. in {
> >
> >             type master;
> >
> >         file
> > "c:\windows\system32\dns\etc\named\zones\mthoodrentals.com.zone";
> >
> > };
> >
> >  
> >
> >  
> >
> >
> >
> >
> >
> >   
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list