I'm seeing lots of DNS resolution failures on my router (running Ubuntu 8.10, bind 9.3.4). While most succeed, I get quite a few FORMERR errors similar to:

May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 66.151.140.2#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.168.3.1#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.112.36.4#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 128.63.2.53#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.228.79.201#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.36.148.17#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 202.12.27.33#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.33.4.12#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.5.5.241#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.58.128.30#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 128.8.10.90#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 198.41.0.4#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.203.230.10#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 193.0.14.129#53
May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 199.7.83.42#53

I'm running an iptables firewall on this box, which is connected to the internet via a wireless access point on my roof with a link to my ISP. As a result of the above FORMERRs, clients on my LAN are unable to resolve addresses -- in the above case, imap.gmail.com -- and therefore are unable to access mail.

Upon the recommendations of someone familiar with the relevant technologies, I've updated my DNS (named.conf) to set the edns-udp-size 500 option. This had no effect.

If I use dig to resolve imap.gmail.com manually, by specifying any of the above-mentioned DNS servers, everything works fine. In fact, I can usually force my DNS server to begin resolving these addresses (e.g. imap.gmail.com) for a LITTLE while, by manually using nslookup and querying first for the NS record of gmail.com, and then for the A record of imap.gmail.com. Once I succeed in getting a resolution, the address record is cached, and my DNS will resolve the hostname until the cache time is exceeded. And then I'm back to no resolution and FORMERRs.

Can anyone suggest anything I can try? Thanks much.

-- Eric
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
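
An added example, not part of the original post: a small Python summarizer for named FORMERR lines in the format quoted above, grouping them per query and timestamp and listing which of the reporting server addresses are private. The function name is hypothetical; the sample uses three lines copied from the post plus one constructed non-FORMERR line.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the named syslog lines quoted in the post. The optional \s* after the
# opening quote tolerates the stray space seen in the quoted lines.
FORMERR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+named\[\d+\]:\s+"
    r"FORMERR resolving '\s*(?P<name>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)':\s+"
    r"(?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)\s*$"
)

def summarize_formerr(lines):
    """Group FORMERR lines by (timestamp, name, qtype) and summarize the servers."""
    bursts = defaultdict(set)
    for line in lines:
        m = FORMERR_RE.match(line.strip())
        if not m:
            continue  # not a FORMERR line, skip it
        try:
            server = ipaddress.ip_address(m["server"])
        except ValueError:
            continue  # address field did not parse, skip it
        bursts[(m["ts"], m["name"], m["qtype"])].add(server)

    report = []
    for (ts, name, qtype), servers in bursts.items():
        report.append({
            "ts": ts,
            "name": name,
            "qtype": qtype,
            "servers": len(servers),  # distinct servers that answered FORMERR
            # A private address among upstream servers points at a local forwarder or CPE.
            "private": sorted(str(s) for s in servers if s.is_private),
        })
    return report

# First three lines are copied from the post; the last one is constructed.
SAMPLE = [
    "May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 66.151.140.2#53",
    "May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 192.168.3.1#53",
    "May 4 20:25:25 localhost named[19579]: FORMERR resolving ' imap.gmail.com/A/IN': 198.41.0.4#53",
    "May 4 20:25:26 localhost named[19579]: zone example.test/IN: loaded serial 1",
]

if __name__ == "__main__":
    for row in summarize_formerr(SAMPLE):
        print(row)
```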