Hi Mark,

On 28/10/2010 at 13:38:13 +1100, Mark Andrews wrote:
> In message <20101026161348.gj2...@omroep.nl>, Leo Baltus writes:
> > We are in the process of migrating from bind-9.4-ESV-R2 to bind-9.7.2-P2.
> >
> > We have our authoritative servers migrated to bind-9.7.2-P2 and it all
> > seems to work fine.
> >
> > While testing our caching resolvers with bind-9.7.2-P2 however, we
> > noticed some errors in our logfiles we have never seen before.
> >
> > Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.3.4#53 resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving referral
> > Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.2.2#53 resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving referral
> >
> > Obviously I have obscured some data here :) As you may guess this is a
> > query for a TXT record from a blocklist-daemon.
> >
> > The nameservers on 1.5.3.4 and 1.5.2.2 are bind-9.7.2-P2.
> >
> > The queried domains are hosted by us and the hopefully relevant part of
> > the zone looks like this:
> >
> > x.y.z.example.com. IN NS bl1a.example.com.
> > x.y.z.example.com. IN NS bl1b.example.com.
> >
> > A dump of the cache shows NS and A records are in the cache for bl1[ab]
> > however, on each non-cached query from the client both error lines
> > are printed in the log suggesting the resolver is not using the cached
> > NS records.
> >
> > The client receives a valid answer, so my only real problem seems to be
> > the amount of spam I get in our logfiles.
> >
> > The blocklist is served by rbldnsd, manually querying gives me a
> > valid response.
> >
> > Could anybody tell me what problem bind is complaining about?
> >
> > Please CC me as I am not on this list.
>
> Run "dig +trace +all 1.2.4.2.x.y.z.example.com txt" and look at the
> results. Somewhere in that chain there will be a broken delegation.
> This may manifest itself as an authority section in the reply that
> doesn't match the delegation.

The only thing that doesn't match is the TTL, 7200 on the delegation,
300 on the authoritative side.

-- 
Leo Baltus, internet administrator                    /\
NPO ICT Internet Services                            /NPO/\
Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \  /\/
beh...@omroep.nl, 035-6773555                         \/
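
Added example (not part of the original thread, and not BIND's own code): a Python script that groups the `DNS format error` lines quoted above by upstream server and reason, and derives the common suffix of the failing query names as a candidate zone for the `dig +trace` check. The regular expression assumes the syslog layout shown in the post; the third and fourth sample lines are constructed.

```python
import re
from collections import defaultdict

# First two lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = """\
Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.3.4#53 resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving referral
Oct 26 09:52:03 myhost named[21085]: DNS format error from 1.5.2.2#53 resolving 1.2.4.2.x.y.z.example.com/TXT for client 1.5.3.203#15637: non-improving referral
Oct 26 09:52:09 myhost named[21085]: DNS format error from 1.5.3.4#53 resolving 7.0.0.10.x.y.z.example.com/TXT for client 1.5.3.203#15702: non-improving referral
Oct 26 09:52:10 myhost named[21085]: client 1.5.3.203#15703: query: www.example.com IN A +
"""

# Layout assumed from the log lines in the post.
FORMERR = re.compile(
    r"named\[\d+\]: DNS format error from (?P<server>[^#\s]+)#\d+ "
    r"resolving (?P<qname>[^/\s]+)/(?P<qtype>\S+) "
    r"for client (?P<client>[^#\s]+)#\d+: (?P<reason>.+)$"
)

def common_suffix(names):
    """Longest label-wise suffix shared by all names (candidate zone to trace)."""
    split = [n.lower().rstrip(".").split(".")[::-1] for n in names]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    return ".".join(reversed(shared))

def summarize(log_text):
    """Group format errors by (upstream server, reason); skip unrelated lines."""
    groups = defaultdict(lambda: {"count": 0, "qnames": set()})
    for line in log_text.splitlines():
        m = FORMERR.search(line)
        if not m:
            continue
        g = groups[(m["server"], m["reason"].strip())]
        g["count"] += 1
        g["qnames"].add(m["qname"])
    return {k: {"count": v["count"], "qnames": len(v["qnames"]),
                "suffix": common_suffix(v["qnames"])}
            for k, v in groups.items()}

if __name__ == "__main__":
    for (server, reason), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{server:15} {reason:25} hits={info['count']} "
              f"names={info['qnames']} zone~{info['suffix']}")
```

With only one distinct query name per server the suffix is that full name, so the hint gets useful once several different names have failed against the same server.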