queries with no RD bit set are truncating
Peter Andreev
andreev.peter at gmail.com
Tue Jun 16 10:33:46 UTC 2009
Kevin, this server is totally non-recursive. Neither recurse option is
enabled and the packet size does not exceed 512 bytes. Maybe it was some
temporary bugs due to mysterious causes.
Below I post the full sniffer output for both queries:
No. Time Source Destination Protocol
Info
1 0.000000 193.110.129.66 194.85.61.20 DNS
Standard query MX lbr.ru
Frame 1 (66 bytes on wire, 66 bytes captured)
Arrival Time: Jun 9, 2009 10:21:34.405480000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Intel_db:50:96 (00:0e:0c:db:50:96), Dst:
All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
Destination: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
Address: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Intel_db:50:96 (00:0e:0c:db:50:96)
Address: Intel_db:50:96 (00:0e:0c:db:50:96)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 193.110.129.66 (193.110.129.66), Dst: 194.85.61.20
(194.85.61.20)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x7b9b (31643)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 126
Protocol: UDP (0x11)
Header checksum: 0x7f03 [correct]
[Good: True]
[Bad : False]
Source: 193.110.129.66 (193.110.129.66)
Destination: 194.85.61.20 (194.85.61.20)
User Datagram Protocol, Src Port: 11173 (11173), Dst Port: domain (53)
Source port: 11173 (11173)
Destination port: domain (53)
Length: 32
Checksum: 0xec71 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 2]
Transaction ID: 0xc7e5
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated
data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
lbr.ru: type MX, class IN
Name: lbr.ru
Type: MX (Mail exchange)
Class: IN (0x0001)
No. Time Source Destination Protocol
Info
2 0.034553 194.85.61.20 193.110.129.66 DNS
Standard query response
Frame 2 (66 bytes on wire, 66 bytes captured)
Arrival Time: Jun 9, 2009 10:21:34.440033000
[Time delta from previous captured frame: 0.034553000 seconds]
[Time delta from previous displayed frame: 0.034553000 seconds]
[Time since reference or first frame: 0.034553000 seconds]
Frame Number: 2
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b), Dst: Intel_db:50:96
(00:0e:0c:db:50:96)
Destination: Intel_db:50:96 (00:0e:0c:db:50:96)
Address: Intel_db:50:96 (00:0e:0c:db:50:96)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
Address: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 194.85.61.20 (194.85.61.20), Dst: 193.110.129.66
(193.110.129.66)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x7b9b (31643)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: UDP (0x11)
Header checksum: 0xc903 [correct]
[Good: True]
[Bad : False]
Source: 194.85.61.20 (194.85.61.20)
Destination: 193.110.129.66 (193.110.129.66)
User Datagram Protocol, Src Port: domain (53), Dst Port: 11173 (11173)
Source port: domain (53)
Destination port: 11173 (11173)
Length: 32
Checksum: 0x0000 (none)
Good Checksum: False
Bad Checksum: False
Domain Name System (response)
[Request In: 1]
[Time: 0.034553000 seconds]
Transaction ID: 0xc7e5
Flags: 0x8600 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for
domain
.... ..1. .... .... = Truncated: Message is truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
lbr.ru: type MX, class IN
Name: lbr.ru
Type: MX (Mail exchange)
Class: IN (0x0001)
No. Time Source Destination Protocol
Info
7 79.586117 193.110.129.66 194.85.61.20 DNS
Standard query MX lbr.ru
Frame 7 (66 bytes on wire, 66 bytes captured)
Arrival Time: Jun 9, 2009 10:22:53.991597000
[Time delta from previous captured frame: 6.975743000 seconds]
[Time delta from previous displayed frame: 6.975743000 seconds]
[Time since reference or first frame: 79.586117000 seconds]
Frame Number: 7
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Intel_db:50:96 (00:0e:0c:db:50:96), Dst:
All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
Destination: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
Address: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Intel_db:50:96 (00:0e:0c:db:50:96)
Address: Intel_db:50:96 (00:0e:0c:db:50:96)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 193.110.129.66 (193.110.129.66), Dst: 194.85.61.20
(194.85.61.20)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x4611 (17937)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 126
Protocol: UDP (0x11)
Header checksum: 0xb48d [correct]
[Good: True]
[Bad : False]
Source: 193.110.129.66 (193.110.129.66)
Destination: 194.85.61.20 (194.85.61.20)
User Datagram Protocol, Src Port: 19335 (19335), Dst Port: domain (53)
Source port: 19335 (19335)
Destination port: domain (53)
Length: 32
Checksum: 0x689d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 8]
Transaction ID: 0x2ad8
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated
data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
lbr.ru: type MX, class IN
Name: lbr.ru
Type: MX (Mail exchange)
Class: IN (0x0001)
No. Time Source Destination Protocol
Info
8 79.679224 194.85.61.20 193.110.129.66 DNS
Standard query response MX 10 MAIL.lbr.ru
Frame 8 (175 bytes on wire, 175 bytes captured)
Arrival Time: Jun 9, 2009 10:22:54.084704000
[Time delta from previous captured frame: 0.093107000 seconds]
[Time delta from previous displayed frame: 0.093107000 seconds]
[Time since reference or first frame: 79.679224000 seconds]
Frame Number: 8
Frame Length: 175 bytes
Capture Length: 175 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b), Dst: Intel_db:50:96
(00:0e:0c:db:50:96)
Destination: Intel_db:50:96 (00:0e:0c:db:50:96)
Address: Intel_db:50:96 (00:0e:0c:db:50:96)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
Address: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 194.85.61.20 (194.85.61.20), Dst: 193.110.129.66
(193.110.129.66)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 161
Identification: 0x48ea (18666)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 55
Protocol: UDP (0x11)
Header checksum: 0xf847 [correct]
[Good: True]
[Bad : False]
Source: 194.85.61.20 (194.85.61.20)
Destination: 193.110.129.66 (193.110.129.66)
User Datagram Protocol, Src Port: domain (53), Dst Port: 19335 (19335)
Source port: domain (53)
Destination port: 19335 (19335)
Length: 141
Checksum: 0x29a9 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 7]
[Time: 0.093107000 seconds]
Transaction ID: 0x2ad8
Flags: 0x8500 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for
domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 2
Additional RRs: 3
Queries
lbr.ru: type MX, class IN
Name: lbr.ru
Type: MX (Mail exchange)
Class: IN (0x0001)
Answers
lbr.ru: type MX, class IN, preference 10, mx MAIL.lbr.ru
Name: lbr.ru
Type: MX (Mail exchange)
Class: IN (0x0001)
Time to live: 1 day
Data length: 9
Preference: 10
Mail exchange: MAIL.lbr.ru
Authoritative nameservers
lbr.ru: type NS, class IN, ns ns3.nic.ru
Name: lbr.ru
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 10
Name server: ns3.nic.ru
lbr.ru: type NS, class IN, ns ns4.nic.ru
Name: lbr.ru
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns4.nic.ru
Additional records
MAIL.lbr.ru: type A, class IN, addr 213.184.248.227
Name: MAIL.lbr.ru
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 213.184.248.227
ns3.nic.ru: type A, class IN, addr 194.85.61.20
Name: ns3.nic.ru
Type: A (Host address)
Class: IN (0x0001)
Time to live: 4 hours, 57 minutes, 5 seconds
Data length: 4
Addr: 194.85.61.20
ns4.nic.ru: type A, class IN, addr 194.226.96.8
Name: ns4.nic.ru
Type: A (Host address)
Class: IN (0x0001)
Time to live: 4 hours, 57 minutes, 1 second
Data length: 4
Addr: 194.226.96.8
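
Added example, not part of the original post: it rebuilds the DNS payloads of frames 1, 2 and 7 from the decoded fields in the capture, decodes their header flags, and checks whether the TC bit in frame 2 can be explained by the 512-byte UDP limit, given the size of the full answer in frame 8. The function names and the check `tc_without_size_cause` are illustrative assumptions, not BIND or Wireshark code.

```python
import struct

QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080  # RFC 1035 header flag bits
UDP_HEADER = 8    # bytes the UDP "Length" field counts in addition to the payload
UDP_LIMIT = 512   # DNS-over-UDP payload limit without EDNS0


def build_message(txid, flags, qname, qtype=15, qclass=1):
    """Rebuild a DNS message holding only a header and one question (MX=15, IN=1)."""
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, qclass)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into flag bits and a record count."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"txid": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0xF, "records": an + ns + ar}


def tc_without_size_cause(response, full_answer_size):
    """True if the response sets TC and carries no records although the complete
    answer (size taken from another capture) fits within the UDP limit."""
    h = parse_header(response)
    return h["qr"] and h["tc"] and h["records"] == 0 and full_answer_size <= UDP_LIMIT


# Constructed from the decoded fields of frames 1, 2 and 7 in the capture above.
FRAME1 = build_message(0xC7E5, 0x0000, "lbr.ru")   # query, RD clear
FRAME2 = build_message(0xC7E5, 0x8600, "lbr.ru")   # response, AA and TC set
FRAME7 = build_message(0x2AD8, 0x0100, "lbr.ru")   # query, RD set
FRAME8_DNS_SIZE = 141 - UDP_HEADER                 # frame 8 reports UDP Length 141

if __name__ == "__main__":
    for name, msg in (("frame 1", FRAME1), ("frame 2", FRAME2), ("frame 7", FRAME7)):
        # The rebuilt payload plus the UDP header should match the captured UDP Length (32).
        print(name, "UDP length", len(msg) + UDP_HEADER, parse_header(msg))
    print("TC not explained by size:", tc_without_size_cause(FRAME2, FRAME8_DNS_SIZE))
```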