Firstly, upgrade the primary. Microsoft issued a fix for this in March 2019. Unknown EDNS options are supposed to be ignored and not produce FORMERR. Named has stopped working around broken servers that return FORMERR to unknown EDNS options and include the OPT record. It has also stopped working around servers that just echo back the request (including the OPT record) when sending FORMERR when the server doesn’t understand EDNS. These servers should be constructing a DNS HEADER from the request with RCODE set to FORMERR and, if the request was a QUERY and they could parse the QUESTION, adding that as well as per RFC 1034. The DNS header alone is enough to send FORMERR. Nowhere in any RFC does it say to echo back the request when sending FORMERR.
FORMERR + OPT indicates the server understands EDNS. You can work around this by adding “server 1.1.2.2 { request-expire no; };” to named.conf.

Mark

> On 24 May 2022, at 11:12, Lefteris Tsintjelis via bind-users <bind-users@lists.isc.org> wrote:
>
> I turned on all log channels and this is the error I get:
>
> zone domain.com/IN: refresh: unexpected rcode (FORMERR) from primary1.1.2.2#53 (source 0.0.0.0#0
>
> tcpdump seems to also agree with the FORMERR
>
> 1.1.2.2.domain > secondary.58648: 113 FormErr- 0/0/1 (45)
>
> Regards,
>
> Lefteris
>
> On 24/5/2022 3:00, Grant Taylor via bind-users wrote:
>> On 5/23/22 5:55 PM, Lefteris Tsintjelis via bind-users wrote:
>>> Nothing actually. Windows logs are clean. Unix logs also.
>> #trustTheBitsOnTheWire
>> #useTheSniffer
>> I'd start by capturing w/ tcpdump using the `-s 0` and `-w /path/to/capture.pcapng` options. Then use Wireshark to analyze the packet capture.
>> You may see the problem with tcpdump, especially if you turn verbosity up. But Wireshark has some much nicer decoding and display than tcpdump does.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
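
The three FORMERR shapes distinguished in the reply above (header-only, FORMERR carrying an OPT record, and an echoed request), as an added example that is not part of the original thread: a small parser that labels a raw DNS reply so a capture like the tcpdump line can be triaged. The function names, label strings and the example.com sample bytes are constructed for illustration; option code 9 is the EDNS EXPIRE option that `request-expire` controls.

```python
import struct

FORMERR, OPT, EXPIRE = 1, 41, 9   # RCODE 1, RR type 41, EDNS option code 9

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n

def has_opt(msg):
    """True if the additional section carries an OPT pseudo-record."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an + ns and rtype == OPT:
            return True
    return False

def classify(request, response):
    """Label a reply by the FORMERR shapes described in the thread."""
    flags = struct.unpack("!H", response[2:4])[0]
    if flags & 0x000F != FORMERR:
        return "not FORMERR"
    if not has_opt(response):
        return "FORMERR without OPT"
    if response[12:] == request[12:]:
        return "FORMERR echoing the request"
    return "FORMERR with OPT"

# Constructed sample messages (example.com and all bytes are made up here).
def build(flags, body=b"", additional=b""):
    counts = (1 if body else 0, 0, 0, 1 if additional else 0)
    return struct.pack("!6H", 113, flags, *counts) + body + additional
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)   # SOA, IN
EXPIRE_OPT = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, 4) + struct.pack("!HH", EXPIRE, 0)
PLAIN_OPT = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0)
REQUEST = build(0x0000, QUESTION, EXPIRE_OPT)
HEADER_ONLY = build(0x8001)                        # header alone, RCODE=FORMERR
ECHO = build(0x8001, QUESTION, EXPIRE_OPT)         # request body sent straight back
OWN_OPT = build(0x8001, QUESTION, PLAIN_OPT)       # server-built OPT, still FORMERR
```

Feed `classify` the UDP payloads of the refresh query and its reply extracted from the packet capture.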