Understanding cause of DNS format error (FORMERR)
Gabriele Paggi
gabriele.pgi at gmail.com
Fri Jun 22 09:22:12 UTC 2012
Hello,
I'm a BIND novice and I'm trying to understand what causes my BIND9
resolver (bind97-9.7.0-10.P2) to return an error when queried for the
A record of vlasext.partners.extranet.microsoft.com:
Jun 22 11:14:47 res1 named[32210]: DNS format error from
94.245.124.49#53 resolving vlasext.partners.extranet.microsoft.com/A
for client 10.16.32.4#50421: invalid response
Jun 22 11:14:47 res1 named[32210]: error (FORMERR) resolving
'vlasext.partners.extranet.microsoft.com/A/IN': 94.245.124.49#53
Jun 22 11:14:47 res1 named[32210]: DNS format error from
131.107.125.65#53 resolving vlasext.partners.extranet.microsoft.com/A
for client 10.16.32.4#50421: invalid response
Jun 22 11:14:47 res1 named[32210]: error (FORMERR) resolving
'vlasext.partners.extranet.microsoft.com/A/IN': 131.107.125.65#53
Jun 22 11:14:47 res1 named[32210]: DNS format error from
207.46.55.10#53 resolving vlasext.partners.extranet.microsoft.com/A
for client 10.16.32.4#50421: invalid response
Jun 22 11:14:47 res1 named[32210]: error (FORMERR) resolving
'vlasext.partners.extranet.microsoft.com/A/IN': 207.46.55.10#53
If I submit the same query to a Windows DNS, or one of the Google DNS,
I do get a reply:
[gpaggi at res1 ~]# dig A @8.8.8.8 vlasext.partners.extranet.microsoft.com +short
70.42.230.20
[gpaggi at res1 ~]#
Is it related to the "AA bit strictness"[1] ? 94.245.124.49 is
dns11.one.microsoft.com and does indeed reply without setting the AA
bit.
As far as know the 'strictness' was removed in P2, correct me if I'm wrong.
Thanks!
Gabriele
[1] http://www.isc.org/community/blog/201007/compatibility-issues-bind-970-and-971
More information about the bind-users
mailing list