Ask for hints for DNS TCP request
jiangtao
jiangtao.hu at gmail.com
Thu Aug 4 21:41:01 UTC 2005
Hi,
I am not sure if I sent this to the correct mailing list. If not, please
forgive me for bothering you.
I sent the DNS request (my.calendars.net) over UDP to the
server (138.23.201.101) and the server returned a truncated response,
because it is too big. So I sent the request again over TCP and I got
nothing from the server. But "dig +tcp @138.23.201.101
my.calendars.net" works.
I compared my packet with the one dig sent. They are the same. But I
didn't get any further response while dig got the correct one.
1234 0000 0001 0000 0000 0000 ...i.4..........
0x0040: 026d 7909 6361 6c65 6e64 6172 7303 6e65 .my.calendars.ne
0x0050: 7400 0001 0001 t.....
Am I missing something? Any hints? Thanks a lot.
-jiangtao
$ tcpdump -s 0 -X -vvv host 138.23.201.101 and port 53
15:36:12.520363 IP (tos 0x0, ttl 64, id 58950, offset 0, flags [DF],
proto: TCP (6), length: 60) df10.ucr.edu.5229 > ns3.ucr.edu.domain: S,
cksum 0x5b08 (correct), 2583184277:2583184277(0) win 5840 <mss
1460,sackOK,timestamp 192390611 0,nop,wscale 2>
0x0000: 4500 003c e646 4000 4006 21c3 8a17 551e E..<.F@.@.!...U.
0x0010: 8a17 c965 146d 0035 99f8 4395 0000 0000 ...e.m.5..C.....
0x0020: a002 16d0 5b08 0000 0204 05b4 0402 080a ....[...........
0x0030: 0b77 a5d3 0000 0000 0103 0302 .w..........
15:36:12.520731 IP (tos 0x0, ttl 61, id 13339, offset 0, flags [DF],
proto: TCP (6), length: 64) ns3.ucr.edu.domain > df10.ucr.edu.5229: S,
cksum 0xa4d3 (correct), 1741081486:1741081486(0) ack 2583184278 win
49232 <nop,nop,timestamp 249608297 192390611,mss 1460,nop,wscale
0,nop,nop,sackOK>
0x0000: 4500 0040 341b 4000 3d06 d6ea 8a17 c965 E..@4.@.=......e
0x0010: 8a17 551e 0035 146d 67c6 cb8e 99f8 4396 ..U..5.mg.....C.
0x0020: b012 c050 a4d3 0000 0101 080a 0ee0 b869 ...P...........i
0x0030: 0b77 a5d3 0204 05b4 0103 0300 0101 0402 .w..............
15:36:12.520755 IP (tos 0x0, ttl 64, id 58952, offset 0, flags [DF],
proto: TCP (6), length: 52) df10.ucr.edu.5229 > ns3.ucr.edu.domain: .,
cksum 0xa03a (correct), 1:1(0) ack 1 win 1460 <nop,nop,timestamp
192390612 249608297>
0x0000: 4500 0034 e648 4000 4006 21c9 8a17 551e E..4.H@.@.!...U.
0x0010: 8a17 c965 146d 0035 99f8 4396 67c6 cb8f ...e.m.5..C.g...
0x0020: 8010 05b4 a03a 0000 0101 080a 0b77 a5d4 .....:.......w..
0x0030: 0ee0 b869 ...i
15:36:12.520997 IP (tos 0x0, ttl 64, id 58954, offset 0, flags [DF],
proto: TCP (6), length: 86) df10.ucr.edu.5229 > ns3.ucr.edu.domain: P,
cksum 0x1d5c (correct), 1:35(34) ack 1 win 1460 <nop,nop,timestamp
192390612 249608297> 0 [b2&3=0x1] [0q] [621au] ar: <ELT 57>[|domain]
0x0000: 4500 0056 e64a 4000 4006 21a5 8a17 551e E..V.J@.@.!...U.
0x0010: 8a17 c965 146d 0035 99f8 4396 67c6 cb8f ...e.m.5..C.g...
0x0020: 8018 05b4 1d5c 0000 0101 080a 0b77 a5d4 .....\.......w..
0x0030: 0ee0 b869 1234 0000 0001 0000 0000 0000 ...i.4..........
0x0040: 026d 7909 6361 6c65 6e64 6172 7303 6e65 .my.calendars.ne
0x0050: 7400 0001 0001 t.....
15:36:12.521230 IP (tos 0x0, ttl 61, id 13340, offset 0, flags [DF],
proto: TCP (6), length: 52) ns3.ucr.edu.domain > df10.ucr.edu.5229: .,
cksum 0xe57b (correct), 1:1(0) ack 35 win 49232 <nop,nop,timestamp
249608297 192390612>
0x0000: 4500 0034 341c 4000 3d06 d6f5 8a17 c965 E..44.@.=......e
0x0010: 8a17 551e 0035 146d 67c6 cb8f 99f8 43b8 ..U..5.mg.....C.
0x0020: 8010 c050 e57b 0000 0101 080a 0ee0 b869 ...P.{........i
0x0030: 0b77 a5d4 .w..
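
Added example, not part of the original post: RFC 1035 section 4.2.2 requires every DNS message sent over TCP to be prefixed with a two-octet length field. The Python sketch below rebuilds the 34-byte query shown in the capture (ID 0x1234, flags 0) and runs it through a stream reader with and without that prefix; the function names are illustrative, not from any library.

```python
import struct

def build_query(name, qid=0x1234, qtype=1, qclass=1):
    """DNS query message: 12-byte header plus one question (RFC 1035 4.1)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags 0, QDCOUNT 1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def frame_for_tcp(message):
    """Prefix the message with its length as a two-octet big-endian field."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(message)) + message

def deframe(stream):
    """Split a TCP byte stream into complete DNS messages.

    Returns (messages, bytes_still_needed). A nonzero second value means the
    reader is still waiting for the rest of a length field or message.
    """
    messages, pos = [], 0
    while True:
        remaining = len(stream) - pos
        if remaining < 2:
            return messages, (0 if remaining == 0 else 2 - remaining)
        (length,) = struct.unpack_from("!H", stream, pos)
        if remaining - 2 < length:
            return messages, length - (remaining - 2)
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length

# Same 34 payload bytes as the PSH segment in the capture above.
query = build_query("my.calendars.net")
# With the prefix (0x0022) the reader recovers exactly one message.
framed_ok = deframe(frame_for_tcp(query))
# Without it, the ID 0x1234 is read as a length of 4660 octets, so the
# reader acknowledges the data and keeps waiting for the remainder.
unframed = deframe(query)
```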