Message parser reports malformed message packet

Mark Andrews marka at isc.org
Mon Nov 4 21:09:05 UTC 2013 

Their nameservers are broken.  They are generating malformed 
responses.  They are sending partial records when the answer does
not fit.  Note this ends halfway through a A record.  Only the owner
name, class, type and the first two octets of the ttl are present
from the last RR.

Any records / rrsets added to a DNS QUERY response should be
*complete*.

I have CC'd postmaster at locaweb.com.br but you may want to try other
channels to inform them that they have broken nameservers.

Mark

	0x0000:  4500 021c 0000 4000 2c11 db95 c94c 2802  E..... at .,....L(.
	0x0010:  c0a8 bf44 0035 ddf6 0208 7e6c 5f9a 8600  ...D.5....~l_...
	0x0020:  0001 0001 000d 000d 0377 7777 0773 6f6e  .........www.son
	0x0030:  6461 6974 0674 6173 6b65 7203 636f 6d02  dait.tasker.com.
	0x0040:  6272 0000 0100 01c0 0c00 0500 0100 000e  br..............
	0x0050:  1000 2e10 7472 6961 6c2d 3139 3130 3037  ....trial-191007
	0x0060:  3037 3639 0973 612d 6561 7374 2d31 0365  0769.sa-east-1.e
	0x0070:  6c62 0961 6d61 7a6f 6e61 7773 0363 6f6d  lb.amazonaws.com
	0x0080:  0000 0002 0001 0007 e900 0014 0161 0c72  .............a.r
	0x0090:  6f6f 742d 7365 7276 6572 7303 6e65 7400  oot-servers.net.
	0x00a0:  0000 0200 0100 07e9 0000 0401 62c0 7200  ............b.r.
	0x00b0:  0002 0001 0007 e900 0004 0163 c072 0000  ...........c.r..
	0x00c0:  0200 0100 07e9 0000 0401 64c0 7200 0002  ..........d.r...
	0x00d0:  0001 0007 e900 0004 0165 c072 0000 0200  .........e.r....
	0x00e0:  0100 07e9 0000 0401 66c0 7200 0002 0001  ........f.r.....
	0x00f0:  0007 e900 0004 0167 c072 0000 0200 0100  .......g.r......
	0x0100:  07e9 0000 0401 68c0 7200 0002 0001 0007  ......h.r.......
	0x0110:  e900 0004 0169 c072 0000 0200 0100 07e9  .....i.r........
	0x0120:  0000 0401 6ac0 7200 0002 0001 0007 e900  ....j.r.........
	0x0130:  0004 016b c072 0000 0200 0100 07e9 0000  ...k.r..........
	0x0140:  0401 6cc0 7200 0002 0001 0007 e900 0004  ..l.r...........
	0x0150:  016d c072 c070 0001 0001 0036 ee80 0004  .m.r.p.....6....
	0x0160:  c629 0004 c08f 0001 0001 0036 ee80 0004  .).........6....
	0x0170:  c0e4 4fc9 c09e 0001 0001 0036 ee80 0004  ..O........6....
	0x0180:  c021 040c c0ad 0001 0001 0036 ee80 0004  .!.........6....
	0x0190:  8008 0a5a c0bc 0001 0001 0036 ee80 0004  ...Z.......6....
	0x01a0:  c0cb e60a c0cb 0001 0001 0036 ee80 0004  ...........6....
	0x01b0:  c005 05f1 c0da 0001 0001 0036 ee80 0004  ...........6....
	0x01c0:  c070 2404 c0e9 0001 0001 0036 ee80 0004  .p$........6....
	0x01d0:  803f 0235 c0f8 0001 0001 0036 ee80 0004  .?.5.......6....
	0x01e0:  c024 9411 c107 0001 0001 0036 ee80 0004  .$.........6....
	0x01f0:  c03a 801e c116 0001 0001 0036 ee80 0004  .:.........6....
	0x0200:  c100 0e81 c125 0001 0001 0036 ee80 0004  .....%.....6....
	0x0210:  c620 400c c134 0001 0001 0036            .. at ..4.....6



;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.0a1 <<>> www.sondait.tasker.com.br @201.76.40.2 +nodnssec +noedns +ignore +besteffort +all +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58468
;; flags: qr aa tc; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; WARNING: Message has 6 extra bytes at end

;; QUESTION SECTION:
;www.sondait.tasker.com.br.	IN	A

;; ANSWER SECTION:
www.sondait.tasker.com.br. 3600	IN	CNAME	trial-1910070769.sa-east-1.elb.amazonaws.com.

;; AUTHORITY SECTION:
.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
.			518400	IN	NS	d.root-servers.net.
.			518400	IN	NS	e.root-servers.net.
.			518400	IN	NS	f.root-servers.net.
.			518400	IN	NS	g.root-servers.net.
.			518400	IN	NS	h.root-servers.net.
.			518400	IN	NS	i.root-servers.net.
.			518400	IN	NS	j.root-servers.net.
.			518400	IN	NS	k.root-servers.net.
.			518400	IN	NS	l.root-servers.net.
.			518400	IN	NS	m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.	3600000	IN	A	198.41.0.4
b.root-servers.net.	3600000	IN	A	192.228.79.201
c.root-servers.net.	3600000	IN	A	192.33.4.12
d.root-servers.net.	3600000	IN	A	128.8.10.90
e.root-servers.net.	3600000	IN	A	192.203.230.10
f.root-servers.net.	3600000	IN	A	192.5.5.241
g.root-servers.net.	3600000	IN	A	192.112.36.4
h.root-servers.net.	3600000	IN	A	128.63.2.53
i.root-servers.net.	3600000	IN	A	192.36.148.17
j.root-servers.net.	3600000	IN	A	192.58.128.30
k.root-servers.net.	3600000	IN	A	193.0.14.129
l.root-servers.net.	3600000	IN	A	198.32.64.12

;; Query time: 368 msec
;; SERVER: 201.76.40.2#53(201.76.40.2)
;; WHEN: Tue Nov 05 07:56:01 EST 2013
;; MSG SIZE  rcvd: 512

In message <BLU172-W48A5D01599155E80E09D8AD3F60 at phx.gbl>, =?iso-8859-1?B?RuFiaW
8gR29tZXM=?= writes:
> Hi,
>
>   I'm having issues trying to resolve www.sondait.tasker.com.br. The
> result from dig +trace is as follows:
>
>
>
> # dig www.sondait.tasker.com.br +trace
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>>
> www.sondait.tasker.com.br +trace
> ;; global options: +cmd
> .                       516836  IN      NS      c.root-servers.net.
> .                       516836  IN      NS      a.root-servers.net.
> .                       516836  IN      NS      f.root-servers.net.
> .                       516836  IN      NS      i.root-servers.net.
> .                       516836  IN      NS      j.root-servers.net.
> .                       516836  IN      NS      b.root-servers.net.
> .                       516836  IN      NS      h.root-servers.net.
> .                       516836  IN      NS      k.root-servers.net.
> .                       516836  IN      NS      m.root-servers.net.
> .                       516836  IN      NS      l.root-servers.net.
> .                       516836  IN      NS      d.root-servers.net.
> .                       516836  IN      NS      e.root-servers.net.
> .                       516836  IN      NS      g.root-servers.net.
> ;; Received 512 bytes from 172.31.1.254#53(172.31.1.254) in 13 ms
>
> br.                     172800  IN      NS      a.dns.br.
> br.                     172800  IN      NS      b.dns.br.
> br.                     172800  IN      NS      c.dns.br.
> br.                     172800  IN      NS      d.dns.br.
> br.                     172800  IN      NS      e.dns.br.
> br.                     172800  IN      NS      f.dns.br.
> ;; Received 323 bytes from 192.203.230.10#53(192.203.230.10) in 139 ms
>
> tasker.com.br.          86400   IN      NS      ns1.locaweb.com.br.
> tasker.com.br.          86400   IN      NS      ns2.locaweb.com.br.
> tasker.com.br.          86400   IN      NS      ns3.locaweb.com.br.
> ;; Received 153 bytes from 200.160.0.10#53(200.160.0.10) in 34 ms
>
> ;; Warning: Message parser reports malformed message packet.
> ;; Truncated, retrying in TCP mode.
> ;; Connection to 201.76.40.2#53(201.76.40.2) for
> www.sondait.tasker.com.br failed: connection refused.
> ;; Connection to 187.45.246.2#53(187.45.246.2) for
> www.sondait.tasker.com.br failed: connection refused.
> ;; Connection to 189.126.108.2#53(189.126.108.2) for
> www.sondait.tasker.com.br failed: connection refused.
>
>
> I don't know where to start to solve this issue. Using my Internet
> provider's DNS I got a positive answer.
>
> Could you please help me solve this issue?
>
>
> Thanks in advance. 		 	   		
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list