On Nov 7, 2008, at 6:06 AM, root wrote:
> I have set up ISP bind 9.4.2-39.2 and ICP DHCP 3.0.6-86.1 for a local
> network of me.
>
> Since a few days I have heavy problems with the resolved of foreign
> domain-names.
>
> Often these are not resolved properly and the clients receive
> "Address not
> found" errors, e.g. in their browsers when they try to access some
> websites.
>
> Having a look in the syslog I am receiving the following error
> message:
>
> FORMERR resolving '/A/IN':#53
>
> I receive 15 of these messages for each attempt to resolve a single
> address!
> With other words my syslog is full of those messages!
>
> The messages are all the same, except of the IP address at the end.
>
> Having had a closer look to this IPs I realized, that the 15 IPs are
> the IPs
> of my forwarders and of the root-servers found in the root.hint of
> bind!!



It could be that some firewall is mangling your DNS requests in
transit. When it's happening, try using 'dig' to query a root server.
For example:

dig @k.root-servers.net de ns

Check for the status in the header of the output. It should say,
"status: NOERROR".

You might want to try disabling forwarding. You probably don't need
it. If you don't need it, then you're almost certainly better off
without it.

Your root hints file should just contain the actual root servers
(names and addresses, in the form of NS and A records).

Chris Buxton
Professional Services
Men & Mice