Re: resolver: DNS format error from
Fedora 37 has more recent version in updates. I would recommend when in doubt trying to update your system, it might have been fixed already. But this problem is not on your side. You can try with dig some queries to their server: $ dig @195.178.56.17 +norec ns1.apr.gov.rs +nocookie | grep status: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2078 $ dig @195.178.56.17 +norec ns1.apr.gov.rs +noedns | grep status: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13954 $ dig @195.178.56.17 +norec ns1.apr.gov.rs | grep status: ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 44465 It is obvious their server cannot cope with cookies, which should be fixed on their side. It would be nice to send them kind mail requesting fix of their server. server 195.178.56.17 { send-cookie no; }; server 91.150.72.154 { send-cookie no; }; Should help until they do, but it is just a workaround. The are violating RFC 6891, paragraph 6.1.2 [1]: Any OPTION-CODE values not understood by a responder or requestor MUST be ignored. Cheers, Petr [1] https://www.rfc-editor.org/rfc/rfc6891#section-6.1.2 On 16. 05. 23 16:52, Alex wrote: Hi, I have a bind-9.18.7 system on fedora37 and having some strange errors with some queries. $ host info.apr.gov.rs <http://info.apr.gov.rs> Host info.apr.gov.rs <http://info.apr.gov.rs> not found: 2(SERVFAIL) in my bind logs I have the following: 16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53 resolving ns1.apr.gov.rs/ <http://ns1.apr.gov.rs/> for : server sent FORMERR 16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving 'ns1.apr.gov.rs//IN <http://ns1.apr.gov.rs//IN>': 195.178.56.17#53 16-May-2023 10:37:49.800 lame-servers: timed out resolving 'info.apr.gov.rs/A/IN <http://info.apr.gov.rs/A/IN>': 212.62.49.194#53 16-May-2023 10:37:49.800 query-errors: client @0x7f9d546d5168 127.0.0.1#59712 (info.apr.gov.rs <http://info.apr.gov.rs>): query failed (failure) for info.apr.gov.rs/IN/A <http://info.apr.gov.rs/IN/A> at ../../../lib/ns/query.c:7717 In the limited search results I've found for this, I believe it has something to do with dnssec or EDNS, but I really don't know how to troubleshoot this. Is this a known problem? It also appears to be happening with even hosts like ticketmaster? 16-May-2023 10:21:09.348 lame-servers: FORMERR resolving 'engage.ticketmaster.com/NS/IN <http://engage.ticketmaster.com/NS/IN>': 205.251.194.123#53 This resolves fine to me now, does not need disabling cookies or ends. The host resolves fine on my bind-9.16.38 system using the exact same configuration, as well as most or all public resolvers. -- Petr Menšík Software Engineer, RHEL Red Hat,http://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver: DNS format error from
On 17.05.23 11:31, Greg Choules via bind-users wrote: TL;DR 9.18 is stricter than 9.16 at handling junk responses from authoritative servers. I think there were even "DNS flag day"s when operators were supposed to install/configure systems that comply to standards. After next DNS flag say (none announced afaik) we should expect broken servers stop being supported - whoever owns one, will have troubles. Looking at a packet capture for this from my own BIND server (9.18.14) the response from 195.178.56.17 is FORMERR, which tends to mean that it objects to something in the query. The correct response to something you don't like is to ignore it, so this server is not obeying protocol and 9.18 is not going to try and work around broken behaviour. I disabled sending of cookies to this server and now it works. It could be that it doesn't like cookies, or just any EDNS option that it doesn't know what to do with. Either way, it should be fixed. On Tue, 16 May 2023 at 15:53, Alex wrote: I have a bind-9.18.7 system on fedora37 and having some strange errors with some queries. $ host info.apr.gov.rs Host info.apr.gov.rs not found: 2(SERVFAIL) in my bind logs I have the following: 16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53 resolving ns1.apr.gov.rs/ for : server sent FORMERR 16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving ' ns1.apr.gov.rs//IN': 195.178.56.17#53 16-May-2023 10:37:49.800 lame-servers: timed out resolving ' info.apr.gov.rs/A/IN': 212.62.49.194#53 16-May-2023 10:37:49.800 query-errors: client @0x7f9d546d5168 127.0.0.1#59712 (info.apr.gov.rs): query failed (failure) for info.apr.gov.rs/IN/A at ../../../lib/ns/query.c:7717 In the limited search results I've found for this, I believe it has something to do with dnssec or EDNS, but I really don't know how to troubleshoot this. Is this a known problem? It also appears to be happening with even hosts like ticketmaster? 16-May-2023 10:21:09.348 lame-servers: FORMERR resolving ' engage.ticketmaster.com/NS/IN': 205.251.194.123#53 The host resolves fine on my bind-9.16.38 system using the exact same configuration, as well as most or all public resolvers. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver: DNS format error from
Hi Alex. TL;DR 9.18 is stricter than 9.16 at handling junk responses from authoritative servers. Looking at a packet capture for this from my own BIND server (9.18.14) the response from 195.178.56.17 is FORMERR, which tends to mean that it objects to something in the query. The correct response to something you don't like is to ignore it, so this server is not obeying protocol and 9.18 is not going to try and work around broken behaviour. I disabled sending of cookies to this server and now it works. It could be that it doesn't like cookies, or just any EDNS option that it doesn't know what to do with. Either way, it should be fixed. Hope that helps. Greg On Tue, 16 May 2023 at 15:53, Alex wrote: > Hi, > I have a bind-9.18.7 system on fedora37 and having some strange errors > with some queries. > > $ host info.apr.gov.rs > Host info.apr.gov.rs not found: 2(SERVFAIL) > > in my bind logs I have the following: > 16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53 > resolving ns1.apr.gov.rs/ for : server sent FORMERR > 16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving ' > ns1.apr.gov.rs//IN': 195.178.56.17#53 > 16-May-2023 10:37:49.800 lame-servers: timed out resolving ' > info.apr.gov.rs/A/IN': 212.62.49.194#53 > 16-May-2023 10:37:49.800 query-errors: client @0x7f9d546d5168 > 127.0.0.1#59712 (info.apr.gov.rs): query failed (failure) for > info.apr.gov.rs/IN/A at ../../../lib/ns/query.c:7717 > > In the limited search results I've found for this, I believe it has > something to do with dnssec or EDNS, but I really don't know how to > troubleshoot this. Is this a known problem? > > It also appears to be happening with even hosts like ticketmaster? > 16-May-2023 10:21:09.348 lame-servers: FORMERR resolving ' > engage.ticketmaster.com/NS/IN': 205.251.194.123#53 > > The host resolves fine on my bind-9.16.38 system using the exact same > configuration, as well as most or all public resolvers. > > > > > > > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
resolver: DNS format error from
Hi, I have a bind-9.18.7 system on fedora37 and having some strange errors with some queries. $ host info.apr.gov.rs Host info.apr.gov.rs not found: 2(SERVFAIL) in my bind logs I have the following: 16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53 resolving ns1.apr.gov.rs/ for : server sent FORMERR 16-May-2023 10:37:49.800 lame-servers: received FORMERR resolving ' ns1.apr.gov.rs//IN': 195.178.56.17#53 16-May-2023 10:37:49.800 lame-servers: timed out resolving ' info.apr.gov.rs/A/IN': 212.62.49.194#53 16-May-2023 10:37:49.800 query-errors: client @0x7f9d546d5168 127.0.0.1#59712 (info.apr.gov.rs): query failed (failure) for info.apr.gov.rs/IN/A at ../../../lib/ns/query.c:7717 In the limited search results I've found for this, I believe it has something to do with dnssec or EDNS, but I really don't know how to troubleshoot this. Is this a known problem? It also appears to be happening with even hosts like ticketmaster? 16-May-2023 10:21:09.348 lame-servers: FORMERR resolving ' engage.ticketmaster.com/NS/IN': 205.251.194.123#53 The host resolves fine on my bind-9.16.38 system using the exact same configuration, as well as most or all public resolvers. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users