[dns-operations] Command Line BIND Query to Delegating Name Servers Gives FORMERR - Is this Bad for Normal DNS Operations by Public Resolvers?

Jason Hynds jason.hynds at gmail.com
Mon Sep 20 13:37:24 UTC 2021


I hope that the following conforms to the content expected of this list.

I stumbled on some /name servers/ (a branch of a ccTLD, performing a 
public good service, as far as I know) which are giving a FORMat ERRor 
(FORMERR) to default /dig/ queries from the command line as described in 
the referenced webpage, see [1] below. The workaround of +nocookie 
described in the blog allows for a successful query response. /Nslookup/ 
queries work fine.

I should mention that I have no administrative authority of the name 
servers showing this condition. I just noticed the behaviour whilst 
checking on a DNS hosting migration for a client of the name servers 
exhibiting the behaviour.

Would someone be able to advise me on:

 1. How bad it may be for an authoritative or delegating name server to
    be exhibiting this behaviour?
 2. Does this potentially cause a resolution outage, or would a BIND
    server adjust and re-query in order to obtain a usable result?
 3. Is the BIND server non-compliant, or the likely Microsoft DNS
    non-compliant, to an RFC?
 4. How would I explain such an issue to a name server operator who I do
    not know?

I appreciate any guidance provided. I apologise in advance if I violated 
any list policy. Thanks for any assistance.


    [1] FORMERR from Microsoft DNS Server for DIG. Posted January 20,
    2017 at 11:18 PM MST by Kevin Locke


Jason Hynds.
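
The comparison described in the message above (a default dig query, which carries a DNS cookie, versus dig +nocookie), as an added example that is not part of the original post: it builds both query forms, with the EDNS COOKIE option (RFC 7873) present or absent, and classifies a server from the two reply RCODEs. The function names, the query name example.test and the offline replies are constructed for illustration.

```python
import os
import socket
import struct

FORMERR, NOERROR = 1, 0
OPT_TYPE, COOKIE_CODE = 41, 10  # OPT RR type (RFC 6891); COOKIE option code (RFC 7873)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=2, cookie=None, txid=0x1234):
    """NS query (qtype 2) with an OPT record; cookie=None mimics dig +nocookie."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 1)  # 1 question, 1 additional (OPT)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    options = b"" if cookie is None else struct.pack("!HH", COOKIE_CODE, len(cookie)) + cookie
    # OPT RR: root owner name, type 41, class = UDP payload size, ttl = 0, rdlen, options
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(options)) + options
    return header + question + opt

def rcode(message):
    """RCODE is the low 4 bits of the header flags word."""
    return struct.unpack("!H", message[2:4])[0] & 0x000F

def ask(server, query, timeout=3.0):
    """Send one UDP query to server:53 and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def classify(reply_with_cookie, reply_without_cookie):
    with_c, without_c = rcode(reply_with_cookie), rcode(reply_without_cookie)
    if with_c == FORMERR and without_c == NOERROR:
        return "cookie-intolerant"  # the behaviour described in the message
    if with_c == FORMERR and without_c == FORMERR:
        return "formerr-regardless-of-cookie"
    return "ok" if with_c == NOERROR else "other-error"

def fake_reply(query, rc):
    """Constructed reply for offline use: question echoed, QR=1, given RCODE."""
    qend = 12 + query[12:].index(b"\x00") + 5  # name terminator + type + class
    return query[:2] + struct.pack("!5H", 0x8000 | rc, 1, 0, 0, 0) + query[12:qend]

if __name__ == "__main__":
    q_cookie = build_query("example.test", cookie=os.urandom(8))  # 8-byte client cookie
    q_plain = build_query("example.test")
    print(classify(fake_reply(q_cookie, FORMERR), fake_reply(q_plain, NOERROR)))
```

Against a real server, pass the output of ask(server, query) for each query form to classify() in place of the constructed replies.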
