In message <20100415204352.3695b40...@britaine.cis.anl.gov>, b19...@anl.gov wri tes: > I am trying to understand "format error" messages like this one from > BIND 9.7.0-P1: > > Apr 15 15:36:02 dnsserver.it.anl.gov named[8662]: > [ID 873579 daemon.notice] DNS format error > from 209.234.234.42#53 resolving markets.nytimes.wallst.com/AAAA > for client 164.54.214.14#13132: invalid response > > dnsserver% dig markets.nytimes.wallst.com @209.234.224.42 > > ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42 > ; (1 server found) > ;; res options: init recurs defnam dnsrch > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; QUERY SECTION: > ;; markets.nytimes.wallst.com, type = A, class = IN > > ;; ANSWER SECTION: > markets.nytimes.wallst.com. 1M IN A 209.234.225.89 > > ;; Total query time: 56 msec > ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42 209.234.224.42 > ;; WHEN: Thu Apr 15 15:36:39 2010 > ;; MSG SIZE sent: 44 rcvd: 60 > > dnsserver% dig markets.nytimes.wallst.com @209.234.224.42 AAAA > > ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42 AAAA > ; (1 server found) > ;; res options: init recurs defnam dnsrch > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; QUERY SECTION: > ;; markets.nytimes.wallst.com, type = AAAA, class = IN > > ;; AUTHORITY SECTION: > wallst.com. 1M IN SOA lb-www-p1-bb2-01.mgmt.local. hostmast > er.lb-www-p1-bb2-01.mgmt.local. ( > 390 ; serial > 3H ; refresh > 1H ; retry > 1W ; expiry > 1M ) ; minimum > > > ;; Total query time: 56 msec > ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42 209.234.224.42 > ;; WHEN: Thu Apr 15 15:36:56 2010 > ;; MSG SIZE sent: 44 rcvd: 118 > > dnsserver% > > I do not see what the error is in the response to the AAAA query.
In this case the wrong SOA is being returned. Looks like yet another badly configured load balancer where the backing nameserver has the wrong zone configured, "wallst.com" rather than the correct zone "markets.nytimes.wallst.com". Mark ; <<>> DiG 9.3.6-P1 <<>> +trace markets.nytimes.wallst.com aaaa ;; global options: printcmd . 309595 IN NS l.root-servers.net. . 309595 IN NS g.root-servers.net. . 309595 IN NS b.root-servers.net. . 309595 IN NS k.root-servers.net. . 309595 IN NS e.root-servers.net. . 309595 IN NS i.root-servers.net. . 309595 IN NS m.root-servers.net. . 309595 IN NS j.root-servers.net. . 309595 IN NS f.root-servers.net. . 309595 IN NS c.root-servers.net. . 309595 IN NS a.root-servers.net. . 309595 IN NS d.root-servers.net. . 309595 IN NS h.root-servers.net. ;; Received 492 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 507 bytes from 2001:500:3::42#53(l.root-servers.net) in 184 ms wallst.com. 172800 IN NS dns01.wallst.com. wallst.com. 172800 IN NS dns02.wallst.com. wallst.com. 172800 IN NS dns03.wallst.com. wallst.com. 172800 IN NS ns4.wallst.com. ;; Received 186 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 177 ms markets.nytimes.wallst.com. 300 IN NS gtm02.wallst.com. markets.nytimes.wallst.com. 300 IN NS gtm03.wallst.com. markets.nytimes.wallst.com. 300 IN NS gtm01.wallst.com. ;; Received 178 bytes from 209.234.224.41#53(dns01.wallst.com) in 206 ms wallst.com. 60 IN SOA lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. 400 10800 3600 604800 60 ;; Received 118 bytes from 209.234.234.42#53(gtm02.wallst.com) in 206 ms > ---------------------------------------------------------------------- > Barry S. Finkel > Computing and Information Systems Division > Argonne National Laboratory Phone: +1 (630) 252-7277 > 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 > Building 240, Room 5.B.8 Internet: bsfin...@anl.gov > Argonne, IL 60439-4828 IBMMAIL: I1004994 > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
