Lame server, FORMERR and RCODE messages

After the last update I ran “Recheck Config” and got a message that I had to add 127.0.0.1 to my list of DNS servers. I added the IP to the list, and now I have started to get these messages in the /var/log/messages log file:
Oct 21 16:54:53 server1 named[4009]: FORMERR resolving 'domain.tld/MX/IN': xxx.xxx.xxx.xxx#53
Oct 21 18:19:05 server1 named[4009]: unexpected RCODE (SERVFAIL) resolving 'xxx.xxx.xxx.xxx.in-addr.arpa/PTR/IN': xxx.xxx.xxx.xxx#53
Oct 21 18:19:05 server1 named[4009]: lame server resolving 'xxx.xxx.xxx.xxx.in-addr.arpa' (in 'xxx.xxx.xxx.in-addr.arpa'?): xxx.xxx.xxx.xxx#53

I get hundreds, sometimes thousands of these every 24 hours!
What are they? Are they something that I should worry about?
If they are something I can disregard, can I somehow suppress these messages?

Regards,
Leif

Hi There,

Does no one know what this is? Joe, Jamie, anyone?

All help is appreciated!

Regards,
Leif

I dunno. FORMERR means format error…which means a query in an unsupported format. Maybe an IPv6 lookup.

You shouldn’t disregard hundreds of them…they probably mean something is misconfigured in your name server. What that might be is hard to guess. :wink:

Hi Joe,

I just checked the log and there were about 1050 lines of these messages in the last 24 hours, also many lines with "last message repeated xx times".

It all started after I added 127.0.0.1 to the list of DNS Servers (in Network Configuration -> Hostname and DNS Client -> DNS Client Options) as the "Recheck Config" suggested. If I remove 127.0.0.1 the messages stop again, but "Recheck Config" fails. I have never seen these messages before, not even once.

I had just two IPs in the DNS server List before I added 127.0.0.1.
Our two name servers are on other, separate machines.

Any ideas?
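To see which message types and which remote servers account for the volume, the log can be tallied with syslog's "last message repeated N times" lines counted toward the message they follow. This is an added example, not part of the original posts; the sample log lines, addresses and the `tally` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted above
# (documentation-range addresses, placeholder names).
SAMPLE_LOG = """\
Oct 21 16:54:53 server1 named[4009]: FORMERR resolving 'domain.tld/MX/IN': 192.0.2.10#53
Oct 21 16:54:55 server1 last message repeated 3 times
Oct 21 18:19:05 server1 named[4009]: unexpected RCODE (SERVFAIL) resolving '10.2.0.192.in-addr.arpa/PTR/IN': 198.51.100.7#53
Oct 21 18:19:05 server1 named[4009]: lame server resolving '10.2.0.192.in-addr.arpa' (in '2.0.192.in-addr.arpa'?): 198.51.100.7#53
Oct 21 18:19:09 server1 last message repeated 2 times
Oct 21 18:20:00 server1 sshd[812]: unrelated line
"""

# Matches the three named messages from the thread; accepts straight or
# typographic quotes around the name being resolved.
NAMED = re.compile(
    r"named\[\d+\]: (?P<kind>FORMERR|unexpected RCODE \(\w+\)|lame server)"
    r" resolving ['‘][^'’]+['’].*?: (?P<server>[0-9a-fA-F.:]+)#\d+$"
)
REPEAT = re.compile(r"last message repeated (\d+) times")

def tally(log_text):
    """Count named resolver errors per (message kind, remote server)."""
    counts = Counter()
    last = None  # key of the previous line if it was a named error, else None
    for line in log_text.splitlines():
        line = line.strip()
        rep = REPEAT.search(line)
        if rep:
            # A repeat line stands for N more copies of the previous message.
            if last is not None:
                counts[last] += int(rep.group(1))
            continue
        m = NAMED.search(line)
        last = (m.group("kind"), m.group("server")) if m else None
        if last is not None:
            counts[last] += 1
    return counts

if __name__ == "__main__":
    for (kind, server), n in tally(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {kind:28s} {server}")
```

A handful of remote servers producing most of the lines points at those zones' delegations; a wide spread across many servers points at the local resolver or the network path.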

lame server resolving SOLUTION!!!

THE reason is people on the net are LEECHING.

They are using your server to resolve the internet instead of their own DNS server that their ISP gave them.

SO when they try to surf to www.cnet.com it does a lookup to find out where in the world www.cnet.com is and uses your server to resolve it.

www.cnet.com (for humans) 216.239.122.220 (for computers)

If you don’t want the rest of the world using part of your server to do lookups then follow these simple instructions.

These instructions will change your BIND configuration so it will
ONLY RESOLVE your DOMAINS and NOT the REST OF THE NET.

You NEED to KNOW your IP ADDRESSES!!!

If you already know what they are then skip steps A-H and jump to
Steps 1-18

A) Open your favorite browser to your virtualmin server.
https://your_domain.com:10000

B) Type your Login and Password

C) Top Left Click on "Webmin"

D) Left Side Click on "Networking"

E) Then Once it expands Click on "Network Configuration"

F) Click on “Network Interfaces”; its icon is a network card

G) Write down all of the IP addresses you see.
IF You Don’t You’ll BE SORRY!

H) Click "Logout" on the bottom Left


  1. Open your favorite browser to your virtualmin server.
    https://your_domain.com:10000

  2. Type your Login and Password

  3. Top Left Click on "Webmin"

  4. Left Side Click on "Servers"

  5. Then Once it expands Click on "BIND DNS Server"

  6. Click on “Access Control Lists”; its icon is a lock

  7. In the Small Left box type "dnssrvs"

  8. In the Big Right box type Your DNS servers separated by a space.
    example "74.44.441.1 74.44.441.254 62.44.441.1"

  9. Click Save

  10. Click on "Access Control Lists" again

  11. In the Small Left box type "localip"

  12. In the Big Right box type Your Private and Public IP Addresses of your server (including virtual IP addresses), separated by a space.
    example "74.44.441.12 74.44.441.13 192.168.1.100"

Note: If you don’t fill in your correct ip addresses for “localip”
Your OWN SERVER won’t be able to find your domains and YOU WILL
NOT BE ABLE TO VIEW YOUR SERVER’S WEB PAGES, SEND OR RECEIVE
EMAIL ANYMORE!!! Basically you will be in a world of hurt :frowning:

If you are LOST AND NEED YOUR IP ADDRESSES DO STEPS A-H FIRST
(found at the TOP - you skipped that step didn’t you…)

  13. Click Save

  14. Click on "Miscellaneous Options" the icon is a screw driver and
    a wrench

  15. Find the Option titled "Do full recursive lookups for clients?"
    and Choose "No" (this stops others from using your server)

  16. Click "Save"

  17. Click "Apply Changes" button

  18. Click "Logout" on the bottom Left


OK so how do I check it?

Windows Method -
20) Start ->Run -> cmd
21) Type "nslookup - your_server_name" (PRESS ENTER)
example "mail.yahoo.com"
22) At the ">" type "cnet.com" (PRESS ENTER)
you should get:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Served by:

(This means your server said go to the ROOT servers and ask them)

23) At the ">" type "your_domain" (PRESS ENTER)
example "myownserver.com"
you should get:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Name: myownserver.com
Address: 74.44.441.12
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

(Your server answered ONLY A DOMAIN it is in charge of)


Linux Method
(Hard Core Command line :slight_smile: )

  1. Drop to a shell

  2. At the "[myname@ns1]$" type "sudo dig cnet.com @127.0.0.1"
    You Should get:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; <<>> DiG 9.3.4-P1 <<>> cnet.com @127.0.0.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30190
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;cnet.com. IN A

;; AUTHORITY SECTION:
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 26 05:21:30 2007
;; MSG SIZE rcvd: 237
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

(This means your server said go to the ROOT servers and ask them)

  3. At the "[myname@ns1]$" type "sudo dig myownserver.com @127.0.0.1"
    You Should get:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; <<>> DiG 9.3.4-P1 <<>> myownserver.com @127.0.0.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13709
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;myownserver.com. IN A

;; ANSWER SECTION:
myownserver.com. 38400 IN A 74.44.441.12

;; AUTHORITY SECTION:
myownserver.com. 38400 IN NS ns3.myownserver.com.
myownserver.com. 38400 IN NS ns.myownserver.com.
myownserver.com. 38400 IN NS ns2.myownserver.com.

;; ADDITIONAL SECTION:
ns.myownserver.com. 38400 IN A 74.44.441.1
ns2.myownserver.com. 38400 IN A 74.44.441.254
ns3.myownserver.com. 38400 IN A 62.44.441.1

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 26 05:24:24 2007
;; MSG SIZE rcvd: 143
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

(Your server answered ONLY A DOMAIN it is in charge of)

Done! Whew Go have a DrPepper or Mtn Dew or Cup of java.

Post edited by: BurtAdjoodani, at: 2007/10/26 01:41
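The two dig checks in the post above can be read mechanically from the reply header: no `ra` flag and zero answers for an outside name, and the `aa` flag with an answer for a hosted zone. The following is an added example, not part of the original post; the `classify` and `verify` functions and the third sample header are constructed for illustration.

```python
import re

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+)")

# Header lines copied from the two dig outputs in the post above.
EXTERNAL_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30190
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
"""
OWN_ZONE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13709
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
"""
# Constructed: the header a server returns when it does recurse for the client.
RECURSING_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""

def classify(dig_output):
    """Label a dig reply from its header lines."""
    status, flags = STATUS.search(dig_output), FLAGS.search(dig_output)
    if not status or not flags:
        return "other"
    rcode = status.group(1)
    bits, answers = flags.group(1).split(), int(flags.group(2))
    if rcode == "REFUSED":
        return "refused"          # query rejected outright
    if rcode == "NOERROR" and "aa" in bits and answers > 0:
        return "authoritative"    # answered from a zone the server hosts
    if "ra" in bits:
        return "recursive"        # recursion is available to this client
    if rcode == "NOERROR" and answers == 0:
        return "referral"         # pointed elsewhere, as in the first dig
    return "other"

def verify(external_reply, own_zone_reply):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    ext = classify(external_reply)
    if ext not in ("referral", "refused"):
        findings.append(f"external name: got '{ext}', expected referral or refused")
    own = classify(own_zone_reply)
    if own != "authoritative":
        findings.append(f"own zone: got '{own}', expected authoritative")
    return findings
if __name__ == "__main__":
    print(verify(EXTERNAL_REPLY, OWN_ZONE_REPLY) or "both checks passed")
```

A query sent to 127.0.0.1 shows what the server gives itself; to see what outside clients get, feed it dig output captured on a host that is not in the "localip" list.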

I skipped h, 1, 2, and 3…is that okay??

:wink:

Hi BurtAdjoodani,

I had to "visit" a hospital last week with a heart problem so I have not been able to answer earlier, anyway… thanks for your reply!
I will take a look at your suggestions, and probably apply them to our server.

I’ll keep you posted!

Regards,
Leif