Misbehavior Against DNS Queries for IPv6 Addresses?

Joseph T. Klein jtk at titania.net
Thu Jun 9 16:56:39 CEST 2005 

I would like a third party reality check on my conclusions regarding
the following logged error.

Up front questions:
- Possible sendmail work around?
- Other people could try and educate the city?
   (the CIO is rgschw at milwaukee.gov)

Before I start making a fuss I would like third party verification
that it is a City problem.

I am also interested in what systems and conditions produce the bad
AAAA record reply.

Situation: I turned on IPv6 for sendmail and my correspondence with
my local city ended up generating the following log entries.

Jun  4 02:25:39 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:39 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53
Jun  4 02:25:42 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:42 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53
Jun  4 02:25:42 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:42 monet named[92610]: FORMERR resolving 
'gwise.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53
Jun  4 02:25:43 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53
Jun  4 02:25:43 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:46 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:46 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53
Jun  4 02:25:46 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.56.88.2#53
Jun  4 02:25:46 monet named[92610]: FORMERR resolving 
'mhsgate.ci.mil.wi.us/AAAA/IN': 216.54.131.251#53

After some reading I concluded this was the problem discussed
in RFC 4074

A dig on the listed MX primary for milwaukee.gov (The City of Milwaukee)

monet# dig AAAA mhsgate.ci.mil.wi.us

; <<>> DiG 9.3.1 <<>> AAAA mhsgate.ci.mil.wi.us
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28136
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mhsgate.ci.mil.wi.us.          IN      AAAA

;; Query time: 70 msec
;; SERVER: 192.133.102.1#53(192.133.102.1)
;; WHEN: Sat Jun  4 05:12:13 2005
;; MSG SIZE  rcvd: 38

Note how the header opcode returns status: SERVFAIL rather than
status: NOERROR. This is the same broken behavior as described
in RFC-4074.

Thank you for your help.
--
Joseph T. Klein

PSTN: +1 414 961 1690 VoIP: +1 414 431 4231 Mobile: +1 414 628 3380

More information about the ipv6-ops mailing list