named FORMERR

Hi,

I’m getting many FORMERR in /var/log/messages, and I have no idea how to fix or get rid of them!

Oct 17 09:16:01 server named[10639]: DNS format error from 192.168.2.1#53 resolving dns.msftncsi.com/AAAA for client 192.168.100.102#56870: reply has no answer
Oct 17 09:16:01 server named[10639]: error (FORMERR) resolving 'dns.msftncsi.com/AAAA/IN': 192.168.2.1#53
Oct 17 09:17:37 server named[10639]: DNS format error from 192.168.2.1#53 resolving toolbar.search.msn.com.akadns.net/A for client 192.168.100.102#51713: reply has no answer
Oct 17 09:17:37 server named[10639]: error (FORMERR) resolving 'toolbar.search.msn.com.akadns.net/A/IN': 192.168.2.1#53
Oct 17 09:21:23 server named[10639]: DNS format error from 192.168.2.1#53 resolving a1799.d.akamai.net/A for client 192.168.100.102#59703: reply has no answer
Oct 17 09:21:23 server named[10639]: error (FORMERR) resolving 'a1799.d.akamai.net/A/IN': 192.168.2.1#53
Oct 17 09:23:16 server sshd[16085]: Accepted password for root from 109.85.192.203 port 37419 ssh2
Oct 17 09:24:39 server named[10639]: DNS format error from 192.168.2.1#53 resolving desktop2.l.google.com/A for client 192.168.100.100#61055: reply has no answer
Oct 17 09:24:39 server named[10639]: error (FORMERR) resolving 'desktop2.l.google.com/A/IN': 192.168.2.1#53
Oct 17 09:25:05 server named[10639]: DNS format error from 192.168.2.1#53 resolving g.gtld-servers.net/A: reply has no answer
Oct 17 09:25:05 server named[10639]: error (FORMERR) resolving 'g.gtld-servers.net/A/IN': 192.168.2.1#53
Oct 17 09:36:40 server named[10639]: DNS format error from 192.168.2.1#53 resolving id.l.google.com/A for client 192.168.100.102#53481: reply has no answer
Oct 17 09:36:40 server named[10639]: error (FORMERR) resolving 'id.l.google.com/A/IN': 192.168.2.1#53
Oct 17 09:36:40 server named[10639]: DNS format error from 192.168.2.1#53 resolving googlehosted.l.googleusercontent.com/A for client 192.168.100.102#62960: reply has no answer
Oct 17 09:36:40 server named[10639]: error (FORMERR) resolving 'googlehosted.l.googleusercontent.com/A/IN': 192.168.2.1#53
Oct 17 09:44:46 server named[10639]: DNS format error from 192.168.2.1#53 resolving clients.l.google.com/A for client 192.168.100.110#59174: reply has no answer
Oct 17 09:44:46 server named[10639]: error (FORMERR) resolving 'clients.l.google.com/A/IN': 192.168.2.1#53
Oct 17 09:50:49 server named[10639]: DNS format error from 192.168.2.1#53 resolving orig-10001.ligatus.cotcdn.net/A for client 192.168.100.100#50055: reply has no answer
Oct 17 09:50:49 server named[10639]: error (FORMERR) resolving 'orig-10001.ligatus.cotcdn.net/A/IN': 192.168.2.1#53
Oct 17 09:50:49 server named[10639]: DNS format error from 192.168.2.1#53 resolving www.wip.klicktel.de/A for client 192.168.100.100#59821: reply has no answer
Oct 17 09:50:49 server named[10639]: error (FORMERR) resolving 'www.wip.klicktel.de/A/IN': 192.168.2.1#53
Oct 17 09:50:49 server named[10639]: DNS format error from 192.168.2.1#53 resolving orig-10001.abilicom.cotcdn.net/A for client 192.168.100.100#49301: reply has no answer
Oct 17 09:50:49 server named[10639]: error (FORMERR) resolving 'orig-10001.abilicom.cotcdn.net/A/IN': 192.168.2.1#53
Oct 17 09:54:04 server named[10639]: DNS format error from 192.168.2.1#53 resolving clients.l.google.com/A for client 192.168.100.101#64566: reply has no answer
Oct 17 09:54:04 server named[10639]: error (FORMERR) resolving 'clients.l.google.com/A/IN': 192.168.2.1#53
Oct 17 09:55:41 server named[10639]: DNS format error from 192.168.2.1#53 resolving bmsgs-intl.ebay.com/A for client 192.168.100.101#53342: reply has no answer
Oct 17 09:55:41 server named[10639]: error (FORMERR) resolving 'bmsgs-intl.ebay.com/A/IN': 192.168.2.1#53
Oct 17 09:55:51 server named[10639]: DNS format error from 192.168.2.1#53 resolving wikipedia-lb.esams.wikimedia.org/A for client 192.168.100.100#54519: reply has no answer
Oct 17 09:55:51 server named[10639]: error (FORMERR) resolving 'wikipedia-lb.esams.wikimedia.org/A/IN': 192.168.2.1#53
Oct 17 09:55:53 server named[10639]: DNS format error from 192.168.2.1#53 resolving ads.adtiger.de/A for client 192.168.100.110#57201: reply has no answer
Oct 17 09:55:53 server named[10639]: error (FORMERR) resolving 'ads.adtiger.de/A/IN': 192.168.2.1#53
Oct 17 09:58:05 server named[10639]: DNS format error from 192.168.2.1#53 resolving ocsp.verisign.net/A for client 192.168.100.100#59363: reply has no answer
Oct 17 09:58:05 server named[10639]: error (FORMERR) resolving 'ocsp.verisign.net/A/IN': 192.168.2.1#53
Oct 17 09:58:05 server named[10639]: error (network unreachable) resolving 'ocsp.verisign.net/A/IN': 2001:503:a83e::2:31#53
Oct 17 09:58:10 server named[10639]: DNS format error from 192.168.2.1#53 resolving geotrust-ocsp-ilg.verisign.net/A for client 192.168.100.100#62157: reply has no answer
Oct 17 09:58:10 server named[10639]: error (FORMERR) resolving 'geotrust-ocsp-ilg.verisign.net/A/IN': 192.168.2.1#53
Oct 17 10:00:38 server named[10639]: DNS format error from 192.168.2.1#53 resolving a867.g.akamai.net/A for client 192.168.100.100#64242: reply has no answer
Oct 17 10:00:38 server named[10639]: error (FORMERR) resolving 'a867.g.akamai.net/A/IN': 192.168.2.1#53
Oct 17 10:06:25 server named[10639]: DNS format error from 192.168.2.1#53 resolving clients.l.google.com/A for client 192.168.100.102#65417: reply has no answer
Oct 17 10:06:25 server named[10639]: error (FORMERR) resolving 'clients.l.google.com/A/IN': 192.168.2.1#53
Oct 17 10:09:35 server named[10639]: DNS format error from 192.168.2.1#53 resolving a1363.g.akamai.net/A for client 192.168.100.104#51422: reply has no answer
Oct 17 10:09:35 server named[10639]: error (FORMERR) resolving 'a1363.g.akamai.net/A/IN': 192.168.2.1#53
Oct 17 10:10:13 server smbd[15683]: [2011/10/17 10:10:13.416020,  0] smbd/nttrans.c:2204(call_nt_transact_ioctl)
Oct 17 10:10:13 server smbd[15683]:   call_nt_transact_ioctl(0x1401c4): Currently not implemented.
Oct 17 10:10:22 server named[10639]: DNS format error from 192.168.2.1#53 resolving cs9.wac.edgecastcdn.net/A for client 192.168.100.100#59114: reply has no answer
Oct 17 10:10:22 server named[10639]: error (FORMERR) resolving 'cs9.wac.edgecastcdn.net/A/IN': 192.168.2.1#53

I googled the Problem, but mostly it was because of IPv6 Adresses (/AAAA/IN) but here it is mostly IPv4(/A/IN), Forwarder is enabled to 192.168.2.1(the router of our provider)…
Can someone help me fix this issue?
Thank you!

On 2011-10-17 10:16, Thorus wrote:
>
> Hi,
>
> I’m getting many FORMERR in /var/log/messages, and I have no idea how
> to fix or get rid of them!
>
>
> Code:
> --------------------
>
>
> Oct 17 09:16:01 server named[10639]: DNS format error from 192.168.2.1#53 resolving dns.msftncsi.com/AAAA for client 192.168.100.102#56870: reply has no answer
> Oct 17 09:16:01 server named[10639]: error (FORMERR) resolving ‘dns.msftncsi.com/AAAA/IN’: 192.168.2.1#53
>
>
> --------------------

Lets concentrate on one error. There is a DNS server at 192.168.2.1 which
is giving bad answers. It is being asked about a certain domain, and it’s
reply comes empty.

So, that DNS server is bad. Is it your router? Reboot it.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Ok thx I rebootet it and will watch if the messages with has no reply continues, if so I will talk to my provider cause I hardly can do any settings at that router and its only leased…

Can you tell me anything about the other errors?
It looks like there is only one other:

[10639]: error (network unreachable) resolving 'ocsp.verisign.net/A/IN': 2001:503:a83e::2:31#53

the rest is “the reply has no answer”…

Thanks so far:)

On 2011-10-17 14:46, Thorus wrote:
>
> Ok thx I rebootet it and will watch if the messages with has no reply
> continues, if so I will talk to my provider cause I hardly can do any
> settings at that router and its only leased…

If the DNS at it does not work right, you will have to use a different DNS,
either local to your network, or outside.

> Can you tell me anything about the other errors?
> It looks like there is only one other:
>
>
> Code:
> --------------------
>
> [10639]: error (network unreachable) resolving ‘ocsp.verisign.net/A/IN’: 2001:503:a83e::2:31#53
>
> --------------------

Well, it lies in IPv6, and if your router/ISP is not capable…

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

What do you mean by use a different DNS? Another software than bind9?

On 2011-10-17 15:26, Thorus wrote:
>
> What do you mean by use a different DNS? Another software than bind9?

You are using the DNS server in your router. You say you can not change it,
so if rebooting it doesn’t solve the issue, you have to create a DNS server
on another machine. With bind, of course.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Ah I expressed myself incorrect the DNS-Server, I get the messages is a DNS-Server, which forwards requests to our router so (reboot didn’t solve it) so I should forward it to another DNS-Server then our router? to some of the free ones in the internet, right?

On 2011-10-17 16:16, Thorus wrote:
>
> Ah I expressed myself incorrect the DNS-Server, I get the messages is a
> DNS-Server, which forwards requests to our router so (reboot didn’t
> solve it) so I should forward it to another DNS-Server then our router?
> to some of the free ones in the internet, right?

Right

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Thx, this seems to have solved it, since I changed the forwarder ip, no errors occured!

On 2011-10-18 07:26, Thorus wrote:
>
> Thx, this seems to have solved it, since I changed the forwarder ip, no
> errors occured!

That’s it. Your bind was reporting errors upstream.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)