Message parser reports malformed message packet

Mark Andrews marka at isc.org
Tue Nov 5 12:33:39 UTC 2013


In message <BLU172-W5120E3BCB8525EDD586934D3F10 at phx.gbl>, Fábio Gomes writes:
> Thank you, Mark.
> 
> I'm gonna try to contact the domain owners as well, but I noticed my
> enterprise DNS can get a correct answer for that domain. Is there any
> way I can force different response from localweb servers until I got
> this permanently fixed?
> Like force UDP packet sizes or disable EDNS for that domain?

You actually want to use EDNS with bigger packet sizes as you need
to get the entire response including additional records into the
UDP response.

Make sure your firewall passes fragmented packets and allows UDP
responses bigger than 512 bytes.  If your firewall is blocking
fragments or UDP responses bigger than 512 bytes then named will
be forced back to 512 bytes which will then interact badly with this
nameserver.

> Could you also,
> please, share the tcpdump line you used to get that package details?

	tcpdump -s 0 -X

> Regards
> 
> ----------------------------------------
> > To: flgoms at hotmail.com
> > CC: bind-users at isc.org
> > CC: postmaster at locaweb.com.br
> > From: marka at isc.org
> > Subject: Re: Message parser reports malformed message packet
> > Date: Tue, 5 Nov 2013 08:09:05 +1100
> >
> >
> > Their nameservers are broken. They are generating malformed
> > responses. They are sending partial records when the answer does
> > not fit. Note this ends halfway through an A record. Only the owner
> > name, class, type and the first two octets of the ttl are present
> > from the last RR.
> >
> > Any records / rrsets added to a DNS QUERY response should be
> > *complete*.
> >
> > I have CC'd postmaster at locaweb.com.br but you may want to try other
> > channels to inform them that they have broken nameservers.
> >
> > Mark
> >
> > 0x0000: 4500 021c 0000 4000 2c11 db95 c94c 2802 E.....@.,....L(.
> > 0x0010: c0a8 bf44 0035 ddf6 0208 7e6c 5f9a 8600 ...D.5....~l_...
> > 0x0020: 0001 0001 000d 000d 0377 7777 0773 6f6e .........www.son
> > 0x0030: 6461 6974 0674 6173 6b65 7203 636f 6d02 dait.tasker.com.
> > 0x0040: 6272 0000 0100 01c0 0c00 0500 0100 000e br..............
> > 0x0050: 1000 2e10 7472 6961 6c2d 3139 3130 3037 ....trial-191007
> > 0x0060: 3037 3639 0973 612d 6561 7374 2d31 0365 0769.sa-east-1.e
> > 0x0070: 6c62 0961 6d61 7a6f 6e61 7773 0363 6f6d lb.amazonaws.com
> > 0x0080: 0000 0002 0001 0007 e900 0014 0161 0c72 .............a.r
> > 0x0090: 6f6f 742d 7365 7276 6572 7303 6e65 7400 oot-servers.net.
> > 0x00a0: 0000 0200 0100 07e9 0000 0401 62c0 7200 ............b.r.
> > 0x00b0: 0002 0001 0007 e900 0004 0163 c072 0000 ...........c.r..
> > 0x00c0: 0200 0100 07e9 0000 0401 64c0 7200 0002 ..........d.r...
> > 0x00d0: 0001 0007 e900 0004 0165 c072 0000 0200 .........e.r....
> > 0x00e0: 0100 07e9 0000 0401 66c0 7200 0002 0001 ........f.r.....
> > 0x00f0: 0007 e900 0004 0167 c072 0000 0200 0100 .......g.r......
> > 0x0100: 07e9 0000 0401 68c0 7200 0002 0001 0007 ......h.r.......
> > 0x0110: e900 0004 0169 c072 0000 0200 0100 07e9 .....i.r........
> > 0x0120: 0000 0401 6ac0 7200 0002 0001 0007 e900 ....j.r.........
> > 0x0130: 0004 016b c072 0000 0200 0100 07e9 0000 ...k.r..........
> > 0x0140: 0401 6cc0 7200 0002 0001 0007 e900 0004 ..l.r...........
> > 0x0150: 016d c072 c070 0001 0001 0036 ee80 0004 .m.r.p.....6....
> > 0x0160: c629 0004 c08f 0001 0001 0036 ee80 0004 .).........6....
> > 0x0170: c0e4 4fc9 c09e 0001 0001 0036 ee80 0004 ..O........6....
> > 0x0180: c021 040c c0ad 0001 0001 0036 ee80 0004 .!.........6....
> > 0x0190: 8008 0a5a c0bc 0001 0001 0036 ee80 0004 ...Z.......6....
> > 0x01a0: c0cb e60a c0cb 0001 0001 0036 ee80 0004 ...........6....
> > 0x01b0: c005 05f1 c0da 0001 0001 0036 ee80 0004 ...........6....
> > 0x01c0: c070 2404 c0e9 0001 0001 0036 ee80 0004 .p$........6....
> > 0x01d0: 803f 0235 c0f8 0001 0001 0036 ee80 0004 .?.5.......6....
> > 0x01e0: c024 9411 c107 0001 0001 0036 ee80 0004 .$.........6....
> > 0x01f0: c03a 801e c116 0001 0001 0036 ee80 0004 .:.........6....
> > 0x0200: c100 0e81 c125 0001 0001 0036 ee80 0004 .....%.....6....
> > 0x0210: c620 400c c134 0001 0001 0036 ..@..4.....6
> >
> >
> >
> > ;; Warning: Message parser reports malformed message packet.
> >
> > ; <<>> DiG 9.10.0a1 <<>> www.sondait.tasker.com.br @201.76.40.2 +nodnssec +noedns +ignore +besteffort +all +norec
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58468
> > ;; flags: qr aa tc; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
> > ;; WARNING: Message has 6 extra bytes at end
> >
> > ;; QUESTION SECTION:
> > ;www.sondait.tasker.com.br. IN A
> >
> > ;; ANSWER SECTION:
> > www.sondait.tasker.com.br. 3600 IN CNAME trial-1910070769.sa-east-1.elb.amazonaws.com.
> >
> > ;; AUTHORITY SECTION:
> > . 518400 IN NS a.root-servers.net.
> > . 518400 IN NS b.root-servers.net.
> > . 518400 IN NS c.root-servers.net.
> > . 518400 IN NS d.root-servers.net.
> > . 518400 IN NS e.root-servers.net.
> > . 518400 IN NS f.root-servers.net.
> > . 518400 IN NS g.root-servers.net.
> > . 518400 IN NS h.root-servers.net.
> > . 518400 IN NS i.root-servers.net.
> > . 518400 IN NS j.root-servers.net.
> > . 518400 IN NS k.root-servers.net.
> > . 518400 IN NS l.root-servers.net.
> > . 518400 IN NS m.root-servers.net.
> >
> > ;; ADDITIONAL SECTION:
> > a.root-servers.net. 3600000 IN A 198.41.0.4
> > b.root-servers.net. 3600000 IN A 192.228.79.201
> > c.root-servers.net. 3600000 IN A 192.33.4.12
> > d.root-servers.net. 3600000 IN A 128.8.10.90
> > e.root-servers.net. 3600000 IN A 192.203.230.10
> > f.root-servers.net. 3600000 IN A 192.5.5.241
> > g.root-servers.net. 3600000 IN A 192.112.36.4
> > h.root-servers.net. 3600000 IN A 128.63.2.53
> > i.root-servers.net. 3600000 IN A 192.36.148.17
> > j.root-servers.net. 3600000 IN A 192.58.128.30
> > k.root-servers.net. 3600000 IN A 193.0.14.129
> > l.root-servers.net. 3600000 IN A 198.32.64.12
> >
> > ;; Query time: 368 msec
> > ;; SERVER: 201.76.40.2#53(201.76.40.2)
> > ;; WHEN: Tue Nov 05 07:56:01 EST 2013
> > ;; MSG SIZE rcvd: 512
> >
> > In message <BLU172-W48A5D01599155E80E09D8AD3F60 at phx.gbl>, Fábio Gomes writes:
> >> Hi,
> >>
> >> I'm having issues trying to resolve www.sondait.tasker.com.br. The
> >> result from dig +trace is as follows:
> >>
> >>
> >>
> >> # dig www.sondait.tasker.com.br +trace
> >>
> >> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>>
> >> www.sondait.tasker.com.br +trace
> >> ;; global options: +cmd
> >> . 516836 IN NS c.root-servers.net.
> >> . 516836 IN NS a.root-servers.net.
> >> . 516836 IN NS f.root-servers.net.
> >> . 516836 IN NS i.root-servers.net.
> >> . 516836 IN NS j.root-servers.net.
> >> . 516836 IN NS b.root-servers.net.
> >> . 516836 IN NS h.root-servers.net.
> >> . 516836 IN NS k.root-servers.net.
> >> . 516836 IN NS m.root-servers.net.
> >> . 516836 IN NS l.root-servers.net.
> >> . 516836 IN NS d.root-servers.net.
> >> . 516836 IN NS e.root-servers.net.
> >> . 516836 IN NS g.root-servers.net.
> >> ;; Received 512 bytes from 172.31.1.254#53(172.31.1.254) in 13 ms
> >>
> >> br. 172800 IN NS a.dns.br.
> >> br. 172800 IN NS b.dns.br.
> >> br. 172800 IN NS c.dns.br.
> >> br. 172800 IN NS d.dns.br.
> >> br. 172800 IN NS e.dns.br.
> >> br. 172800 IN NS f.dns.br.
> >> ;; Received 323 bytes from 192.203.230.10#53(192.203.230.10) in 139 ms
> >>
> >> tasker.com.br. 86400 IN NS ns1.locaweb.com.br.
> >> tasker.com.br. 86400 IN NS ns2.locaweb.com.br.
> >> tasker.com.br. 86400 IN NS ns3.locaweb.com.br.
> >> ;; Received 153 bytes from 200.160.0.10#53(200.160.0.10) in 34 ms
> >>
> >> ;; Warning: Message parser reports malformed message packet.
> >> ;; Truncated, retrying in TCP mode.
> >> ;; Connection to 201.76.40.2#53(201.76.40.2) for
> >> www.sondait.tasker.com.br failed: connection refused.
> >> ;; Connection to 187.45.246.2#53(187.45.246.2) for
> >> www.sondait.tasker.com.br failed: connection refused.
> >> ;; Connection to 189.126.108.2#53(189.126.108.2) for
> >> www.sondait.tasker.com.br failed: connection refused.
> >>
> >>
> >> I don't know where to start to solve this issue. Using my Internet
> >> provider's DNS I got a positive answer.
> >>
> >> Could you please help me solve this issue?
> >>
> >>
> >> Thanks in advance.
> >> _______________________________________________
> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> >> unsubscribe from this list
> >>
> >> bind-users mailing list
> >> bind-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: marka at isc.org 		 	   
> 		  
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
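
The fault described in the quoted analysis (a response whose header claims more records than are completely present, with the last RR cut off partway through its TTL) can be checked mechanically by walking the wire format. The following is an added example, not part of the original post and not BIND code; the names `skip_name`, `audit` and `SAMPLE` are this example's own, and the sample message is constructed rather than taken from the dump in the thread.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(msg):
            raise EOFError("owner name cut short")
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two octets, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def audit(msg):
    """Compare the RR counts claimed in the header with the RRs fully present."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    result = {"tc": bool(flags & 0x0200), "claimed": an + ns + ar, "complete": 0, "error": None}
    off = start = 12
    try:
        for _ in range(qd):         # question entry: name + type + class
            off = skip_name(msg, off) + 4
            if off > len(msg):
                raise EOFError("question cut short")
        start = off
        for _ in range(result["claimed"]):
            fixed = skip_name(msg, off)   # followed by type, class, ttl, rdlength
            if fixed + 10 > len(msg):
                raise EOFError("type/class/ttl/rdlength cut short")
            rdlen = struct.unpack("!H", msg[fixed + 8:fixed + 10])[0]
            if fixed + 10 + rdlen > len(msg):
                raise EOFError("RDATA cut short")
            off = start = fixed + 10 + rdlen
            result["complete"] += 1
    except EOFError as exc:
        result["error"] = str(exc)
    result["leftover"] = len(msg) - start   # octets after the last complete RR
    return result

# Constructed sample, not the packet from the thread: last RR stops after two TTL octets.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8600, 1, 1, 0, 1)        # qr aa tc; AN=1, AR=1
          + b"\x03www\x07example\x03com\x00" + struct.pack("!2H", 1, 1)   # question: A IN
          + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
          + b"\xc0\x0c" + struct.pack("!2H", 1, 1) + b"\x00\x36")         # partial A record

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A response is consistent when `complete` equals `claimed` and `leftover` is 0; anything else means the sender emitted a partial record instead of dropping the RR that did not fit.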

