Re: FORMERR resolving AAAA/IN records

Michael Milligan Mon, 30 Mar 2009 09:37:59 -0700

Very curious...

That server (cpns01.secureserver.net) is claiming authority for the root
zone, so it's just plain a bad actor.  Into my blackhole list it goes,
along with it's friends...


$ dig @216.69.185.38 +norec any .

; <<>> DiG 9.6.0-P1 <<>> @216.69.185.38 +norec any .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50807
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     cpns01.secureserver.net.
dns.jomax.net. 20080922 28800 7200 604800 86400
.                       3600    IN      NS      cpns01.secureserver.net.
.                       3600    IN      NS      cpns02.secureserver.net.
.                       3600    IN      MX      0 smtp.secureserver.net.
.                       3600    IN      MX      10
mailstore1.secureserver.net.

;; Query time: 96 msec
;; SERVER: 216.69.185.38#53(216.69.185.38)
;; WHEN: Mon Mar 30 10:30:38 2009
;; MSG SIZE  rcvd: 187


Mark Andrews wrote:
> In message <20090326141903.1917917...@britaine.cis.anl.gov>, b19...@anl.gov 
> writ
> es:
>> Oliver Henriot <oliver.henr...@imag.fr> wrote:
>>
>> dnsserver% !! AAAA
>> dig auniarael.com @216.69.185.38 AAAA
>>
>> ; <<>> DiG 8.3 <<>> auniarael.com @216.69.185.38 AAAA 
>> ; (1 server found)
>> ;; res options: init recurs defnam dnsrch
>> ;; got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
>> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
>> ;; QUERY SECTION:
>> ;;      auniarael.com, type = AAAA, class = IN
>>
>> ;; AUTHORITY SECTION:
>> .                       1D IN SOA       cpns01.secureserver.net. 
>> dns.jomax.net
>> . (
>>                                         20080922        ; serial
>>                                         8H              ; refresh
>>                                         2H              ; retry
>>                                         1W              ; expiry
>>                                         1D )            ; minimum
>>
>> auniarael.com.          1H IN NS        cpns01.secureserver.net.
>> auniarael.com.          1H IN NS        cpns02.secureserver.net.
>>
>> ;; Total query time: 62 msec
>> ;; FROM: dnsserver.anl.gov to SERVER: 216.69.185.38  216.69.185.38
>> ;; WHEN: Thu Mar 26 09:06:02 2009
>> ;; MSG SIZE  sent: 31  rcvd: 157
> 
>       Note this answer is internally self inconsistant.  AA=1
>       which indicates the answer is authoritative yet the authority
>       section contains SOA and NS RRsets with different owners
>       with the SOA being higher in the namespace than the NS
>       RRset.
> 
>       Even if AA=0 it would still be self inconsistant and the
>       relationship between the SOA and NS RRsets is impossible
>       in a well formed response.
> 
>       Mark


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: FORMERR resolving AAAA/IN records

Reply via email to