Understanding "format error" Messages

Mark Andrews marka at isc.org
Thu Apr 15 23:52:48 UTC 2010


In message <20100415204352.3695B4017A at britaine.cis.anl.gov>, b19141 at anl.gov writes:
> I am trying to understand "format error" messages like this one from
> BIND 9.7.0-P1:
> 
>      Apr 15 15:36:02 dnsserver.it.anl.gov named[8662]:
>        [ID 873579 daemon.notice] DNS format error
>        from 209.234.234.42#53 resolving markets.nytimes.wallst.com/AAAA
>        for client 164.54.214.14#13132: invalid response
> 
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42
> 
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      markets.nytimes.wallst.com, type = A, class = IN
> 
> ;; ANSWER SECTION:
> markets.nytimes.wallst.com.  1M IN A  209.234.225.89
> 
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42  209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:39 2010
> ;; MSG SIZE  sent: 44  rcvd: 60
> 
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42 AAAA
> 
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42 AAAA
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      markets.nytimes.wallst.com, type = AAAA, class = IN
> 
> ;; AUTHORITY SECTION:
> wallst.com.             1M IN SOA       lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. (
>                                         390             ; serial
>                                         3H              ; refresh
>                                         1H              ; retry
>                                         1W              ; expiry
>                                         1M )            ; minimum
> 
> 
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42  209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:56 2010
> ;; MSG SIZE  sent: 44  rcvd: 118
> 
> dnsserver%
> 
> I do not see what the error is in the response to the AAAA query.

In this case the wrong SOA is being returned.

Looks like yet another badly configured load balancer where the
backing nameserver has the wrong zone configured, "wallst.com"
rather than the correct zone "markets.nytimes.wallst.com".

Mark

; <<>> DiG 9.3.6-P1 <<>> +trace markets.nytimes.wallst.com aaaa
;; global options:  printcmd
.			309595	IN	NS	l.root-servers.net.
.			309595	IN	NS	g.root-servers.net.
.			309595	IN	NS	b.root-servers.net.
.			309595	IN	NS	k.root-servers.net.
.			309595	IN	NS	e.root-servers.net.
.			309595	IN	NS	i.root-servers.net.
.			309595	IN	NS	m.root-servers.net.
.			309595	IN	NS	j.root-servers.net.
.			309595	IN	NS	f.root-servers.net.
.			309595	IN	NS	c.root-servers.net.
.			309595	IN	NS	a.root-servers.net.
.			309595	IN	NS	d.root-servers.net.
.			309595	IN	NS	h.root-servers.net.
;; Received 492 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 507 bytes from 2001:500:3::42#53(l.root-servers.net) in 184 ms

wallst.com.		172800	IN	NS	dns01.wallst.com.
wallst.com.		172800	IN	NS	dns02.wallst.com.
wallst.com.		172800	IN	NS	dns03.wallst.com.
wallst.com.		172800	IN	NS	ns4.wallst.com.
;; Received 186 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 177 ms

markets.nytimes.wallst.com. 300	IN	NS	gtm02.wallst.com.
markets.nytimes.wallst.com. 300	IN	NS	gtm03.wallst.com.
markets.nytimes.wallst.com. 300	IN	NS	gtm01.wallst.com.
;; Received 178 bytes from 209.234.224.41#53(dns01.wallst.com) in 206 ms

wallst.com.		60	IN	SOA	lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. 400 10800 3600 604800 60
;; Received 118 bytes from 209.234.234.42#53(gtm02.wallst.com) in 206 ms

> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
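
The mismatch described in the reply can be checked mechanically. The following is an added example, not part of the original post and not BIND's code: it reads `dig +trace` output, takes the deepest NS referral covering the query name as the zone cut, and tests whether the SOA in the negative answer sits at or below that cut. The function names and the acceptance rule are a simplified model assumed for illustration; the sample lines are copied from the trace above.

```python
# Added example: simplified bailiwick check for the SOA in a negative answer.
# TRACE holds three stanzas copied from the dig +trace output in this post.
TRACE = """\
wallst.com.\t\t172800\tIN\tNS\tdns01.wallst.com.
;; Received 186 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 177 ms

markets.nytimes.wallst.com. 300\tIN\tNS\tgtm02.wallst.com.
;; Received 178 bytes from 209.234.224.41#53(dns01.wallst.com) in 206 ms

wallst.com.\t\t60\tIN\tSOA\tlb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. 400 10800 3600 604800 60
;; Received 118 bytes from 209.234.234.42#53(gtm02.wallst.com) in 206 ms
"""

def labels(name):
    """Lower-cased labels of a DNS name, ordered from the root downwards."""
    name = name.rstrip(".").lower()
    return name.split(".")[::-1] if name else []

def is_subdomain(name, ancestor):
    """True when name is equal to, or below, ancestor."""
    n, a = labels(name), labels(ancestor)
    return n[:len(a)] == a

def parse_records(text):
    """Return (owner, rrtype) for each record line, skipping ';' comments."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue
        records.append((fields[0], fields[3]))
    return records

def check_negative_answer(trace, qname):
    """Return (ok, zone_cut, soa_owner) for the negative answer in trace."""
    zone_cut = soa_owner = None
    for owner, rrtype in parse_records(trace):
        if rrtype == "NS" and is_subdomain(qname, owner):
            # Keep the deepest delegation that still covers the query name.
            if zone_cut is None or len(labels(owner)) > len(labels(zone_cut)):
                zone_cut = owner
        elif rrtype == "SOA":
            soa_owner = owner
    # The SOA must be at or below the zone cut and at or above the qname.
    ok = (zone_cut is not None and soa_owner is not None
          and is_subdomain(soa_owner, zone_cut)
          and is_subdomain(qname, soa_owner))
    return ok, zone_cut, soa_owner

if __name__ == "__main__":
    print(check_negative_answer(TRACE, "markets.nytimes.wallst.com"))
```
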


