Re: [Dnsmasq-discuss] Format Errors using add-subnet

2016-12-07 Thread Scott Bonar
Albert,


First let me be clear - I don't believe this is a DNSMasq issue since I can 
reproduce it with dig.  I was just hoping with all the DNS experts on this 
forum that someone would have seen this issue with the Windows Server and give 
me some pointers on possible solutions.


Second, here is an example trace of the error.


No.  Time      Source         Destination    Protocol  Length  Info
1    0.00      172.19.9.210   65.153.116.46  DNS       97      Standard query 0x7613 A www.google.com OPT

Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Shuttle_97:5f:7c (80:ee:73:97:5f:7c), Dst: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0)
Internet Protocol Version 4, Src: 172.19.9.210, Dst: 65.153.116.46
User Datagram Protocol, Src Port: 54012, Dst Port: 53
Domain Name System (query)
[Response In: 2]
Transaction ID: 0x7613
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
: type OPT
Name: 
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x
0...    = DO bit: Cannot handle DNSSEC security RRs
.000    = Reserved: 0x
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210

No.  Time      Source         Destination    Protocol  Length  Info
2    0.025748  65.153.116.46  172.19.9.210   DNS       97      Standard query response 0x7613 Format error A www.google.com OPT

Frame 2: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0), Dst: Shuttle_97:5f:7c (80:ee:73:97:5f:7c)
Internet Protocol Version 4, Src: 65.153.116.46, Dst: 172.19.9.210
User Datagram Protocol, Src Port: 53, Dst Port: 54012
Domain Name System (response)
[Request In: 1]
[Time: 0.025748000 seconds]
Transaction ID: 0x7613
Flags: 0x8101 Standard query response, Format error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0001 = Reply code: Format error (1)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
: type OPT
Name: 
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x
0...    = DO bit: Cannot handle DNSSEC security RRs
.000    = Reserved: 0x
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210



From: Albert ARIBAUD <albert.arib...@free.fr>
Sent: Wednesday, December 7, 2016 6:20:32 AM
To: Scott Bonar
Cc: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Format 
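
Added example, not part of the original message and not dnsmasq code: a decoder for the CSUBNET option data shown in the trace above, checking it against the RFC 7871 option layout. The function name parse_ecs and the returned keys are made up for this sketch.

```python
import ipaddress
import struct

FAMILY_BITS = {1: 32, 2: 128}  # address family -> address width (IPv4, IPv6)

def parse_ecs(option_data: bytes, in_query: bool = True) -> dict:
    """Decode and validate EDNS Client Subnet option data (RFC 7871 layout)."""
    if len(option_data) < 4:
        raise ValueError("option shorter than the 4-byte fixed header")
    family, source_len, scope_len = struct.unpack("!HBB", option_data[:4])
    addr = option_data[4:]
    if family not in FAMILY_BITS:
        raise ValueError(f"unknown address family {family}")
    bits = FAMILY_BITS[family]
    if source_len > bits:
        raise ValueError("source prefix longer than the address")
    if in_query and scope_len != 0:
        raise ValueError("scope prefix-length must be 0 in a query")
    # The address is cut to the fewest bytes that hold source_len bits.
    if len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match source prefix-length")
    value = int.from_bytes(addr + bytes(bits // 8 - len(addr)), "big")
    # Any bit past the prefix must be zero.
    if value & ((1 << (bits - source_len)) - 1):
        raise ValueError("non-zero bits after the source prefix")
    net_cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    return {
        "family": family,
        "source": source_len,
        "scope": scope_len,
        "subnet": str(net_cls((value, source_len))),
        # True when the prefix covers the whole address, i.e. the exact
        # client address is sent to the upstream server.
        "full_address": source_len == bits,
    }

# Option Data from frame 1 of the trace.
TRACE_OPTION = bytes.fromhex("00012000ac1309d2")
```

parse_ecs(TRACE_OPTION) decodes without raising and returns the same family, netmasks and client subnet that Wireshark prints for frame 1.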

[Dnsmasq-discuss] Format Errors using add-subnet

2016-12-05 Thread Scott Bonar
When using this option (which I really need to do) for DNS queries, I get 
Format Errors from the upstream DNS servers if they are Windows Servers 2008 
through at least 2012.  Has anyone seen this and is there a workaround either 
in DNSMasq or Windows?

Your help is appreciated.

Scott Bonar
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


[Dnsmasq-discuss] Bug with EDNS packet size and DNS server files

2016-03-11 Thread Scott Bonar
All,

I believe I have stumbled on a bug in which the server->edns_pktsz field is not 
initialized to the daemon->edns_pktsz value if they are loaded from a server 
file.  I believe this is because when read_opts() is called, the servers_file 
option is parsed and loaded into daemon->servers_file, but not read.  After all 
the options have been parsed in read_opts(), it then loops through all the 
servers and initializes edns_pktsz to daemon->edns_pktsz, but because the 
server file has not been read yet, they are not initialized.  The server file 
is read later on in the async_event() function.

The one option that I have tested is in the function check_servers(), which is 
called after read_servers_file(): as it loops through the servers, check if 
edns_pktsz is 0 and, if it is, initialize it to daemon->edns_pktsz.

The best way I have found to test this is a) use the servers file as defined, 
b) use the add-subnet option, which adds an EDNS optional record to the DNS 
request, and c) disable the cache.  Then wireshark the DNS traffic.
You will see the first request has the EDNS packet length set to 0.  Some 
servers do not like this and return a SERVFAIL, which triggers a resend, at 
which point the EDNS packet length is 1024 and the request is successful.

As you can see this is not optimal.

Thoughts? 


Scott Bonar | Cradlepoint 
o: +1.208.489.0029 | sbo...@cradlepoint.com
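
Added example, not part of the original message and not dnsmasq code: a check for the symptom described above, reading the advertised EDNS UDP payload size from a raw DNS query and flagging values below 512 (RFC 6891 says such values must be treated as 512). The function names and the sample queries built by build_query are constructed for this sketch.

```python
import struct

OPT = 41  # RR type of the EDNS0 pseudo-record (RFC 6891)

def skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past the domain name starting at pos."""
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:               # root label terminates the name
            return pos

def edns_payload_size(msg: bytes):
    """Return the advertised UDP payload size, or None if there is no OPT record."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4             # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT:
            return rclass                         # OPT reuses CLASS as payload size
        pos += 10 + rdlen
    return None

def check_query(msg: bytes) -> str:
    """Classify a query by its advertised EDNS payload size."""
    size = edns_payload_size(msg)
    if size is None:
        return "no EDNS"
    if size < 512:
        return f"suspect: payload size {size} is below 512"
    return f"ok: payload size {size}"

def build_query(name: str, payload_size: int) -> bytes:
    """Constructed sample: an A query for name carrying an empty OPT record."""
    header = struct.pack("!6H", 0x7613, 0x0120, 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    question = qname + struct.pack("!HH", 1, 1)   # type A, class IN
    opt = b"\0" + struct.pack("!HHIH", OPT, payload_size, 0, 0)
    return header + question + opt
```

Run over the DNS payloads of a capture taken with the cache disabled, check_query marks the first request to each file-loaded server if its payload size is 0, while the resend with 1024 passes.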



[Dnsmasq-discuss] Non-standard port and resolv.conf file

2013-08-28 Thread Scott Bonar

  
  
Is there any way to have dnsmasq use the same server address parsing
when using the resolv.conf file as it does when using the 'server'
command line/config option?
My issue is that I want to use the resolv.conf file so I don't have
to restart dnsmasq, but the nameserver I am using also uses a
non-standard port, i.e. not 53.
On the command line I can do something like '111.222.333.444#5353',
but if I put this type of format in the resolv.conf file dnsmasq
does not like it.

Thx
-- 
Scott Bonar | Lead Software Engineer | 208.870.7851