This is the scenario. I installed BIND9 via `apt-get` on a newly installed UBUNTU 12.04, virtualized on VirtualBox. The network works properly because if I indicate a different server from my own BIND9 (the first line of '/etc/resolv.conf' is, for example, `nameserver 8.8.8.8`) the lookups and any action on the Internet succeed.
BIND9 configuration is the default one. I deleted all local zones that I added (even if internal lookups worked correctly). Now there are only default zones (root, localhost, 127.in-addr.arpa, 0.in-addr.arpa, 255.in-addr.arpa). Options are the default ones options { directory "/var/cache/bind"; dnssec-validation auto; auth-nxdomain no; listen-on-v6 {any;} }; In this situation, if I dig anything the lookup fails, and the log is full of "lame server" and "FORMERR". Why? Perhaps the problem is due to the presence of “dnssec-validaton“ line? 2013/1/8 Matus UHLAR - fantomas <uh...@fantomas.sk> > > Sometimes I can't resolve some addresses and, in the logs, I can find >>> > the message in the title: >>> > lame-servers: error (FORMERR) resolving [something] >>> > (where `something` is the address I'm trying to resolve). >>> > >>> > What does it means? >>> >> > 2013/1/8 Shane Kerr <sh...@isc.org> >> >>> When acting as a recursive resolver, BIND 9 follows the chain of >>> delegation from the root, contacting name servers identified for each >>> domain on the way. >>> >>> In this case, one of those name servers returned a packet that BIND 9 >>> did not like for some reason - a FORMat ERRor. The offending server is >>> marked as "lame" since it cannot answer queries for the domain in >>> question. >>> >>> The message should also include the IP address of the server that it is >>> going to at the end of the line. >>> >> > On 08.01.13 13:05, Daniele wrote: > >> So it's not my responsibility to resolve the problem, right? >> >> The point is that, sometimes, I can't resolve an address because of this >> lame servers, and dig (for example) fails. >> >> Is it possible? >> > > possible, yes. but I would not be sure, since there are many different > reasons for the lookups to fail. > > and there are few web services that check proper DNS functionality. I > advise > check with more of them, since there's none I would completely trust. > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Spam = (S)tupid (P)eople's (A)dvertising (M)ethod > ______________________________**_________________ > Please visit > https://lists.isc.org/mailman/**listinfo/bind-users<https://lists.isc.org/mailman/listinfo/bind-users>to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/**listinfo/bind-users<https://lists.isc.org/mailman/listinfo/bind-users> >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users