On 29/11/12 10:17, Martin D Kealey wrote:
AFAIK this is because the "primary nameserver" field in the SOA record doesn't one of the NS records in the delegation from the parent zone.
Mark Andrews at ISC: https://lists.isc.org/pipermail/bind-users/2010-April/079804.html
Actually that's a secondary symptom, not the reason.
In theory this indicates a potential MITM attack, but more likely just ignorance of the people running the nameservers, so I'd just filter it.
What I have seen is some kind of device in the path doing packet inspection and not being able to understand the type you are requesting. When that happens, in some cases the reply is dropped, in other cases is mangled. You can't discard the presence of the Great Firewall from China, there are a few documented cases http://arstechnica.com/tech-policy/2010/03/china-censorship-leaks-outside-gr... http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml Cheers,
-Martin
On Thu, 29 Nov 2012, Richard Hector wrote:
Sorry if this is off topic.
I'm seeing a bunch of this (and have been for ages) in my bind logs:
Nov 28 23:14:58 jet named[28427]: DNS format error from 120.204.202.200#53 resolving ns-os1.qq.com/AAAA: invalid response
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535