Re: FORMERR-Format error issue
The nameservers for members.nmar.com are broken. They are returning 2 CNAME
records when only 1 is allowed. They are also returning a referral to the root
servers. Referrals to the root servers after following CNAMEs are supposed to
have gone the way of the dodo. Multiple CNAMEs have never been allowed.

Just because Google accepts broken responses, it doesn't make them correct.

Mark

% dig members.nmar.com +norec @ns2.hover.com

; <<>> DiG 9.19.20-dev <<>> members.nmar.com +norec @ns2.hover.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51358
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;members.nmar.com. IN A

;; ANSWER SECTION:
members.nmar.com. 900 IN CNAME public.west.us.memberzone.org.
members.nmar.com. 900 IN CNAME public.east.us.memberzone.org.

;; AUTHORITY SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.

;; Query time: 219 msec
;; SERVER: 64.98.148.13#53(ns2.hover.com) (UDP)
;; WHEN: Thu Feb 01 16:35:45 AEDT 2024
;; MSG SIZE rcvd: 314

%

> On 1 Feb 2024, at 16:27, Scott Richardson wrote:
>
> Hello,
>
> -I have been troubleshooting a format error in BIND 9 for about a week at
> this point.
>
> -The symptoms:
>
> -I am unable to resolve members.nmar.com.
>
> -The nslookup output from a client to OUR private recursive DNS server is as
> follows:
>
>> members.nmar.com
> Server: [100.101.0.10]
> Address: 100.101.0.10
>
> *** [100.101.0.10] can't find members.nmar.com: Server failed
>
> -Our DNS server log output follows:
>
> Jan 26 13:48:00 dns1 named[1609]: FORMERR resolving 'members.nmar.com/A/IN':
> 216.40.47.26#53
> Jan 26 13:48:00 dns1 named[1609]: FORMERR resolving 'members.nmar.com/A/IN':
> 64.98.148.13#53
>
> -It works with Cloudflare and Google however:
>
>> server 8.8.8.8
> Default Server: dns.google
> Address: 8.8.8.8
>
>> members.nmar.com
> Server: dns.google
> Address: 8.8.8.8
>
> Non-authoritative answer:
> Name:public.west.us.memberzone.org
> Address: 172.170.249.2
> Aliases: members.nmar.com
>
> -If I dig this from one of our other servers it fails as well unless I add the
> +norec option which DOES work.
>
> -If I perform an nslookup to their authoritative DNS servers I get a referral
> to the root name server list:
>
> Server: ns1.hover.com
> Address: 216.40.47.26
>
> Name:nmar.com
> Address: 20.25.91.29
>
>> members.nmar.com
> Server: ns1.hover.com
> Address: 216.40.47.26
>
> Non-authoritative answer:
> Non-authoritative answer:
> Name:members.nmar.com
> Served by:
> - a.root-servers.net
> - b.root-servers.net
> - c.root-servers.net
> - d.root-servers.net
> - e.root-servers.net
> - f.root-servers.net
> - g.root-servers.net
> - h.root-servers.net
> - i.root-servers.net
> - j.root-servers.net
>
> -I am not sure if this is an issue with us or them or I need to adjust my
> configuration somehow to accommodate a problem on their server. I am not
> sure why other DNS is working but ours is failing.
>
> -This is tested with our server firewall disabled.
>
> -I have disabled firewall rules within our network to confirm NO firewall
> issues are causing this.
>
> -I have checked the DNS with our upstream and they are resolving this URL
> correctly; therefore I don't suspect firewall issues within their network.
>
> -We are not using IPv6 at all at this time.
>
> -This is occurring with both of our redundant DNS servers and I fired up a
> test server with BIND 9.16 and it is giving me the same result.
>
> -Any thoughts or suggestions would be very helpful and much appreciated!
>
> Regards,
>
> Scott
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
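
Added example, not part of the thread and not ISC code: a Python check that reads dig-formatted response text and reports the two defects described in the reply above, more than one CNAME at a single owner name and a referral to the root in the authority section alongside a CNAME answer. The function names are this example's own, and the sample input is trimmed from the dig output in the reply.

```python
from collections import defaultdict

# Added example (function names are its own). Sample: trimmed from the dig
# output in the thread; authority section cut to two of the thirteen root NS.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51358
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;members.nmar.com. IN A
;; ANSWER SECTION:
members.nmar.com. 900 IN CNAME public.west.us.memberzone.org.
members.nmar.com. 900 IN CNAME public.east.us.memberzone.org.
;; AUTHORITY SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
"""

def parse_sections(text):
    """Return {section_name: [(owner, ttl, class, type, rdata), ...]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip().lower()
        elif current and line and not line.startswith(";"):
            fields = line.split(None, 4)
            if len(fields) == 5:
                owner, ttl, rclass, rtype, rdata = fields
                sections[current].append((owner.lower(), int(ttl), rclass, rtype, rdata))
    return sections

def audit_response(text):
    """List the protocol problems found in one dig-formatted response."""
    sections, problems = parse_sections(text), []
    cnames = defaultdict(set)  # owner name -> distinct CNAME targets
    for owner, _, _, rtype, rdata in sections["answer"]:
        if rtype == "CNAME":
            cnames[owner].add(rdata.lower())
    for owner, targets in sorted(cnames.items()):
        if len(targets) > 1:
            problems.append(f"multiple CNAMEs at {owner}: {sorted(targets)}")
    root_ns = [r for r in sections["authority"] if r[0] == "." and r[3] == "NS"]
    if cnames and root_ns:
        problems.append(f"root referral after CNAME ({len(root_ns)} NS records)")
    return problems

if __name__ == "__main__":
    for problem in audit_response(SAMPLE):
        print(problem)
```

Feeding it the saved output of a `+norec` query against each authoritative server shows which servers hand out the malformed answer that a validating resolver rejects with FORMERR.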
FORMERR-Format error issue
Hello,

-I have been troubleshooting a format error in BIND 9 for about a week at
this point.

-The symptoms:

-I am unable to resolve members.nmar.com.

-The nslookup output from a client to OUR private recursive DNS server is as
follows:

members.nmar.com
Server: [100.101.0.10]
Address: 100.101.0.10

*** [100.101.0.10] can't find members.nmar.com: Server failed

-Our DNS server log output follows:

Jan 26 13:48:00 dns1 named[1609]: FORMERR resolving 'members.nmar.com/A/IN': 216.40.47.26#53
Jan 26 13:48:00 dns1 named[1609]: FORMERR resolving 'members.nmar.com/A/IN': 64.98.148.13#53

-It works with Cloudflare and Google however:

server 8.8.8.8
Default Server: dns.google
Address: 8.8.8.8

members.nmar.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name:public.west.us.memberzone.org
Address: 172.170.249.2
Aliases: members.nmar.com

-If I dig this from one of our other servers it fails as well unless I add the
+norec option which DOES work.

-If I perform an nslookup to their authoritative DNS servers I get a referral
to the root name server list:

Server: ns1.hover.com
Address: 216.40.47.26

Name:nmar.com
Address: 20.25.91.29

members.nmar.com
Server: ns1.hover.com
Address: 216.40.47.26

Non-authoritative answer:
Non-authoritative answer:
Name:members.nmar.com
Served by:
- a.root-servers.net
- b.root-servers.net
- c.root-servers.net
- d.root-servers.net
- e.root-servers.net
- f.root-servers.net
- g.root-servers.net
- h.root-servers.net
- i.root-servers.net
- j.root-servers.net

-I am not sure if this is an issue with us or them or I need to adjust my
configuration somehow to accommodate a problem on their server. I am not
sure why other DNS is working but ours is failing.

-This is tested with our server firewall disabled.

-I have disabled firewall rules within our network to confirm NO firewall
issues are causing this.

-I have checked the DNS with our upstream and they are resolving this URL
correctly; therefore I don't suspect firewall issues within their network.

-We are not using IPv6 at all at this time.

-This is occurring with both of our redundant DNS servers and I fired up a
test server with BIND 9.16 and it is giving me the same result.

-Any thoughts or suggestions would be very helpful and much appreciated!

Regards,

Scott
Re: Support for clang atomic and gcc __sync builtins
Hi Sharada,

To answer your question: Because C11 that includes stdatomic is 13 years old
now, and we want the BIND 9 code base to be modernized. You can't expect the C
codebases to be stuck in the past.

You can always provide your own stdatomic.h shims or even stdatomic.h
implementation, you know your legacy platforms better than us. Nothing is
stopping you. But it's you (the legacy platform backed up by a large
corporation) who should carry the costs, not us (the open source with limited
resources).

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.

> On 31. 1. 2024, at 19:15, Sharada N Allimatti wrote:
>
> We would like to know why only the _atomic builtins for GCC >=4 are supported
> from bind 9.18 onwards.
Support for clang atomic and gcc __sync builtins
Hi,

We use ISC BIND for our IBM AIX, we build open source bind with AIX xlc
compiler to make it work on AIX. AIX xlc compiler supports gcc __sync builtin
functions.

Currently bind-9.16 is used on AIX, now we are planning to move bind from
bind 9.16 to 9.18 but we see in 9.18, the support for clang atomic builtins
and for gcc __sync builtins are removed.

https://github.com/isc-projects/bind9/commit/54c389dbc0fa2cfb09e5125dd4ef91ed9a100e74

We would like to know why only the _atomic builtins for GCC >=4 are supported
from bind 9.18 onwards.

Thank you,
Sharada