Question on Bind validating resolver
Volker Janzen
volker at janzen.onl
Wed Jan 25 20:22:00 UTC 2017
Hi,
when my Bind resolver tries to get the A record for info.nominet.uk the syslog gets lots of messages like this:
Jan 25 21:15:52 box named[25097]: DNS format error from 173.245.58.93#53 resolving info.nominet.uk/DS: invalid response
Jan 25 21:15:52 box named[25097]: error (FORMERR) resolving 'info.nominet.uk/DS/IN': 173.245.58.93#53
Jan 25 21:15:52 box named[25097]: error (no valid DS) resolving 'info.nominet.uk/A/IN': 52.58.218.210#53
Jan 25 21:15:52 box named[25097]: DNS format error from 173.245.58.93#53 resolving info.nominet.uk/DS: invalid response
info.nominet.uk is delegated with NS records to other nameservers, but the info.nominet.uk zone is not signed and of course there are no DS records set for info.nominet.uk in nominet.uk.
It seems legit to not sign sub delegations, so why is Bind complaining and returning SERVFAIL?
I tested this with different Bind versions from Debian 8 and Ubuntu 14.04.
Regards
Volker
More information about the bind-users
mailing list