On 01/11/13 03:05, Daniele wrote:
Port 53 is open, I can also telnet to it from another box in the same network. Now I think the problem could be the packet size, because I'm trying every solution but nothing works.


2013/1/9 Lyle Giese <l...@lcrcomputer.net>

    On 01/09/13 08:39, Daniele wrote:
    2013/1/9 Phil Mayers <p.may...@imperial.ac.uk>

        On 09/01/13 13:53, Daniele wrote:

            This is the scenario.

            I installed BIND9 via `apt-get` on a newly installed
            UBUNTU 12.04,
            virtualized on VirtualBox.
            The network works properly because if I indicate a
            different server from
            my own BIND9 (the first line of '/etc/resolv.conf' is,
            for example,
            `nameserver 8.8.8.8`) the lookups and any action on the
            Internet succeed.


        No, this assumption is not valid.


    I meant that I can reach the Internet and, vice versa, the
    Internet can reach my terminal.


    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

    bind-users mailing list
    bind-users@lists.isc.org
    https://lists.isc.org/mailman/listinfo/bind-users

    Recursive queries that named does for a client are different than
    your machine as a dns client reaching out to Google's recursive
    service.

    You need to have UDP & TCP port 53 open to your recursive
    server (the one running named) first of all.  And if any network
    element within your network limits the size of UDP packets, you
    will have problems with EDNS0 queries.

    On this box running named, try this:

    dig +trace www.msn.com

    dig +trace imperial.ac.uk

    After dig gets a copy of the root servers from the local named, it
    will do the same type of queries that a recursive name server does.

    Lyle Giese
    LCR Computer Services, Inc.


Saying port 53 is open because you can telnet to it from a local computer is a very limited test.

1) Telnet only uses TCP; UDP is the primary/first communication channel DNS uses.

2) The router between this computer and the Internet is not at fault? You have done no tests to prove that one way or the other.

Do a couple of dig +trace runs and see what that shows. And try some ANY queries to a DNSSEC-enabled domain.

Lyle Giese
LCR Computer Services, Inc.
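
The two points raised in this message (telnet exercises only TCP, and EDNS0 responses suffer where UDP packet size is limited) can be checked with a probe that sends the same EDNS0 query over both transports. This is an added example, not code from the thread; the server address 127.0.0.1, the ANY query type default and all function names are assumptions.

```python
import socket
import struct

def build_query(name, qtype=255, bufsize=4096, dnssec=True, qid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT: root name, type 41, class = advertised UDP payload size, TTL carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if dnssec else 0, 0)
    return header + question + opt

def parse_header(msg):
    """Return (id, rcode, truncated, answer_count) from a DNS response."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, flags & 0x000F, bool(flags & 0x0200), an

def probe(server, name, timeout=3.0):
    """Send one EDNS0 query over UDP and over TCP; report what each transport returned."""
    query = build_query(name)
    results = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(65535)
            results["udp"] = (len(data),) + parse_header(data)[1:]
    except OSError as exc:  # a timeout here points at UDP filtering or dropped large packets
        results["udp"] = "failed: %s" % exc
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length prefix
            f = s.makefile("rb")
            (length,) = struct.unpack("!H", f.read(2))
            data = f.read(length)
            results["tcp"] = (len(data),) + parse_header(data)[1:]
    except (OSError, struct.error) as exc:
        results["tcp"] = "failed: %s" % exc
    return results

if __name__ == "__main__":
    # Assumption: named listens on 127.0.0.1; the domain is one used in the thread.
    for transport, outcome in probe("127.0.0.1", "imperial.ac.uk").items():
        print(transport, outcome)
```

Each result is (response size, rcode, truncated flag, answer count); a UDP failure or truncation alongside a TCP success means the telnet test told you nothing about the UDP path.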
