Re: Understanding "format error" Messages

2010-04-15 Thread Michael Sinatra

b19...@anl.gov wrote:

> I am trying to understand "format error" messages like this one from
> BIND 9.7.0-P1:
>
>  Apr 15 15:36:02 dnsserver.it.anl.gov named[8662]:
>    [ID 873579 daemon.notice] DNS format error
>    from 209.234.234.42#53 resolving markets.nytimes.wallst.com/
>    for client 164.54.214.14#13132: invalid response


I haven't looked at the code too closely (maybe someone from ISC can 
chime in), but I am also interested in understanding the range of 
possible errors that this message indicates.


In this particular case, the authoritative nameserver is giving out an 
obviously bogus NS record for wallst.com:


manasquan# dig wallst.com @209.234.224.42 any

; <<>> DiG 9.7.0-P1 <<>> wallst.com @209.234.224.42 any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17612
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;wallst.com.                    IN      ANY

;; ANSWER SECTION:
wallst.com.             500     IN      SOA     lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. 390 10800 3600 604800 60

wallst.com.             500     IN      NS      lb-www-p1-bb2-01.mgmt.local.

Not sure if that's causing the format error, but it is obviously broken 
(and all too common still).


michael
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
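
The follow-up reply in this thread attributes the error to the SOA owner (`wallst.com`) not matching the delegated zone (`markets.nytimes.wallst.com`). The sketch below is an added example, not code from BIND or from either poster; it models that consistency check plus the `.local` observation above. The function names are hypothetical and the `EXPECTED` values are constructed.

```python
# Added illustration; models the diagnosis in this thread, not BIND's source.

def labels(name):
    """Lower-cased labels of a domain name, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_subdomain(name, ancestor):
    """True if `name` equals `ancestor` or lies beneath it (label-wise)."""
    n, a = labels(name), labels(ancestor)
    return len(a) <= len(n) and n[len(n) - len(a):] == a

def check_negative_response(qname, delegated_zone, soa_owner, soa_mname):
    """Return a list of problems found in a NODATA/NXDOMAIN authority section."""
    problems = []
    # The server was reached via a referral for delegated_zone, so any SOA it
    # returns should be owned by a name at or below that zone cut.
    if not is_subdomain(soa_owner, delegated_zone):
        problems.append("SOA owner %s is outside delegated zone %s"
                        % (soa_owner, delegated_zone))
    # The SOA must also belong to a zone that encloses the query name.
    if not is_subdomain(qname, soa_owner):
        problems.append("SOA owner %s does not enclose query name %s"
                        % (soa_owner, qname))
    # .local is a special-use suffix and cannot be resolved in the public DNS.
    if is_subdomain(soa_mname, "local"):
        problems.append("SOA MNAME %s is under .local" % soa_mname)
    return problems

# Values taken from the dig output quoted in this thread.
OBSERVED = dict(qname="markets.nytimes.wallst.com.",
                delegated_zone="markets.nytimes.wallst.com.",
                soa_owner="wallst.com.",
                soa_mname="lb-www-p1-bb2-01.mgmt.local.")

# Constructed: what a consistent answer for the same zone could look like.
EXPECTED = dict(qname="markets.nytimes.wallst.com.",
                delegated_zone="markets.nytimes.wallst.com.",
                soa_owner="markets.nytimes.wallst.com.",
                soa_mname="gtm02.wallst.com.")

if __name__ == "__main__":
    for tag, resp in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(tag, check_negative_response(**resp) or "consistent")
```
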


Re: Understanding "format error" Messages

2010-04-15 Thread Mark Andrews

In message <20100415204352.3695b40...@britaine.cis.anl.gov>, b19...@anl.gov writes:
> I am trying to understand "format error" messages like this one from
> BIND 9.7.0-P1:
> 
>  Apr 15 15:36:02 dnsserver.it.anl.gov named[8662]:
>    [ID 873579 daemon.notice] DNS format error
>    from 209.234.234.42#53 resolving markets.nytimes.wallst.com/
>    for client 164.54.214.14#13132: invalid response
> 
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42
> 
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;  markets.nytimes.wallst.com, type = A, class = IN
> 
> ;; ANSWER SECTION:
> markets.nytimes.wallst.com.  1M IN A  209.234.225.89
> 
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42  209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:39 2010
> ;; MSG SIZE  sent: 44  rcvd: 60
> 
> dnsserver% dig markets.nytimes.wallst.com @209.234.224.42 
> 
> ; <<>> DiG 8.3 <<>> markets.nytimes.wallst.com @209.234.224.42 
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;  markets.nytimes.wallst.com, type = , class = IN
> 
> ;; AUTHORITY SECTION:
> wallst.com. 1M IN SOA   lb-www-p1-bb2-01.mgmt.local. hostmaster.lb-www-p1-bb2-01.mgmt.local. (
> 390 ; serial
> 3H  ; refresh
> 1H  ; retry
> 1W  ; expiry
> 1M ); minimum
> 
> 
> ;; Total query time: 56 msec
> ;; FROM: dnsserver.it.anl.gov to SERVER: 209.234.224.42  209.234.224.42
> ;; WHEN: Thu Apr 15 15:36:56 2010
> ;; MSG SIZE  sent: 44  rcvd: 118
> 
> dnsserver%
> 
> I do not see what the error is in the response to the  query.

In this case the wrong SOA is being returned.

Looks like yet another badly configured load balancer where the
backing nameserver has the wrong zone configured, "wallst.com"
rather than the correct zone "markets.nytimes.wallst.com".

Mark

; <<>> DiG 9.3.6-P1 <<>> +trace markets.nytimes.wallst.com 
;; global options:  printcmd
.   309595  IN  NS  l.root-servers.net.
.   309595  IN  NS  g.root-servers.net.
.   309595  IN  NS  b.root-servers.net.
.   309595  IN  NS  k.root-servers.net.
.   309595  IN  NS  e.root-servers.net.
.   309595  IN  NS  i.root-servers.net.
.   309595  IN  NS  m.root-servers.net.
.   309595  IN  NS  j.root-servers.net.
.   309595  IN  NS  f.root-servers.net.
.   309595  IN  NS  c.root-servers.net.
.   309595  IN  NS  a.root-servers.net.
.   309595  IN  NS  d.root-servers.net.
.   309595  IN  NS  h.root-servers.net.
;; Received 492 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms

com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.
com.    172800  IN  NS  c.gtld-servers.net.
com.    172800  IN  NS  d.gtld-servers.net.
com.    172800  IN  NS  e.gtld-servers.net.
com.    172800  IN  NS  f.gtld-servers.net.
com.    172800  IN  NS  g.gtld-servers.net.
com.    172800  IN  NS  h.gtld-servers.net.
com.    172800  IN  NS  i.gtld-servers.net.
com.    172800  IN  NS  j.gtld-servers.net.
com.    172800  IN  NS  k.gtld-servers.net.
com.    172800  IN  NS  l.gtld-servers.net.
com.    172800  IN  NS  m.gtld-servers.net.
;; Received 507 bytes from 2001:500:3::42#53(l.root-servers.net) in 184 ms

wallst.com. 172800  IN  NS  dns01.wallst.com.
wallst.com. 172800  IN  NS  dns02.wallst.com.
wallst.com. 172800  IN  NS  dns03.wallst.com.
wallst.com. 172800  IN  NS  ns4.wallst.com.
;; Received 186 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 177 ms

markets.nytimes.wallst.com. 300 IN  NS  gtm02.wallst.com.
markets.nytimes.wallst.com. 300 IN  NS  gtm03.wallst.com.
markets.nyti