In article <mailman.567.1288203288.555.bind-us...@lists.isc.org>, Leo Baltus <leo.bal...@omroep.nl> wrote:
> Hi, > > We are in the process of migrating from bind-9.4-ESV-R2 to bind-9.7.2-P2. > > We have our authoritative servers migrated to bind-9.7.2-P2 and it all > seems to work fine. > > While testing our caching resolvers with bind-9.7.2-P2 however, we > noticed some errors in our logfiles we have never seen before. > > Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.3.4#53 > resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: > non-improving referral > Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.2.2#53 > resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: > non-improving referral > > Obviously I have obscured some data here :) As you may guess this is a > query for a TXT record from a blocklist-daemon. > > The nameservers on 1.5.3.4 and 1.5.2.2 are bind-9.7.2-P2. > > The queried domains are hosted by us and the hopefully relevant part of > the zone looks like this: > > x.y.z.example.com. IN NS bl1a.example.com. > x.y.z.example.com. IN NS bl1b.example.com. > > A dump of the cache shows NS and A records are in the cache for bl1[ab] > however, on each non-cached query from the client both errorlines > are printed in the log suggesting the resolver is not using the cached > NS records. It *is* using these NS records. It's complaining that there's a problem with the responses these machines are sending. > The client receives a valid answer, so my only real problem seems to be > the amount of spam I get in our logfiles. > > The blocklist is served by rbldnsd, manually query-ing gives my a > valid response. > > Could anybody tell me what problem bind is complaining about? > > Please CC me as I am not on this list. I think what it's complaining about is that the response to the query is a referral to the same or a higher level in the DNS hierarchy. It should be either an ordinary response, a referral to nameservers for a subzone, or an NXDOMAIN. Can you post the result of "dig 1.2.4.2.x.y.z.example.com @bl1a.example.com +norec"? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users