lame-servers: error (FORMERR) resolving [something]

Shane Kerr shane at isc.org
Mon Jan 14 11:05:01 UTC 2013


Daniele,

It may be a simple case of your firewall not allowing any DNS queries
that do not request recursion. Difficult to know.

You may want to try:

dig +trace www.isc.org

This will follow the referrals from the root, and you can verify that
this works.

The next step may be to try:

dig +trace +dnssec www.isc.org

This will ask for DNSSEC, which will mean enabling EDNS0 and getting
bigger response packets, both of which can cause problems with broken
middleboxes (although BIND 9 should work even in those cases).

Cheers,

--
Shane

On Monday, 2013-01-14 10:44:44 +0100, 
Daniele <d.imbrogino at gmail.com> wrote:
> What tests should I do?
> If I query an external name server directly (one of the root ones or
> 8.8.8.8 for example) I receive the correct response.
> For this reason I'm inclined to think that the router doesn't block
> packets to/from port 53.
> Why should it block packets generated by BIND9?
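
Added example, not part of the original message or of BIND: a Python sketch that builds the three query shapes discussed above (a stub query with RD set, the non-recursive query that `dig +trace` and an iterating resolver send, and the same query with an EDNS0 OPT record carrying the DO bit) and decodes the fields a middlebox can filter on, for comparison against a packet capture. The query ID and the advertised UDP size of 4096 are assumed sample values.

```python
import struct

def build_query(name, rd, edns_size=0, do=False, qid=0x1234):
    """Wire form of an A/IN query for `name`; edns_size > 0 appends an OPT record."""
    flags = 0x0100 if rd else 0                     # RD is bit 8 of the flags word
    msg = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if edns_size else 0)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 1, 1)       # root label, QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT pseudo-RR (RFC 6891): root name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode | version | DO bit (0x8000) | zero bits, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000 if do else 0, 0)
    return msg

def describe(msg):
    """Decode the fields a firewall or DNS proxy may key on."""
    flags = struct.unpack("!H", msg[2:4])[0]
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos = 12
    while msg[pos]:                                 # skip QNAME (no compression in a query)
        pos += 1 + msg[pos]
    pos += 5                                        # root label + QTYPE + QCLASS
    info = {"rd": bool(flags & 0x0100), "edns": False, "do": False,
            "udp_size": 512, "length": len(msg)}    # 512 is the pre-EDNS UDP limit
    if arcount:                                     # assumes the only extra RR is OPT
        rtype, size, ttl = struct.unpack("!HHI", msg[pos + 1:pos + 9])
        if rtype == 41:
            info.update(edns=True, udp_size=size, do=bool(ttl & 0x8000))
    return info

# Constructed sample queries, built locally; nothing is sent on the network.
STUB = build_query("www.isc.org", rd=True)                   # stub asking a recursive server
ITERATIVE = build_query("www.isc.org", rd=False)             # dig +trace / resolver iterating
DNSSEC = build_query("www.isc.org", rd=False, edns_size=4096, do=True)  # +trace +dnssec

if __name__ == "__main__":
    for label, q in (("stub", STUB), ("iterative", ITERATIVE), ("dnssec", DNSSEC)):
        print(label, describe(q), q.hex())
```

If the stub form gets answers while the iterative or DNSSEC form is dropped on the same path, the device is filtering on the RD bit or on the OPT record rather than on port 53.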


