Hello,
I'm unable to resolve 'allianz.pl', looks like dns1.allianz.pl and
dns2.allianz.pl are responding with malformed DNS packets.
Debug output from unbound-host -d reports:
[1248868247] libunbound[8999:0] debug: parse error on reply packet
Is anyone else seeing this issue?
Thanks very much,
Hello,
I'm unable to resolve 'allianz.pl', looks like dns1.allianz.pl and
dns2.allianz.pl are responding with malformed DNS packets.Debug output from unbound-host -d reports:
[1248868247] libunbound[8999:0] debug: parse error on reply packet
Is anyone else seeing this issue?
Yes, same on my system:
hauke@ls:~$ dig allianz.pl # using my unbound server
; <<>> DiG 9.4.2-P2 <<>> allianz.pl
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26341
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;allianz.pl. IN A
;; Query time: 933 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 29 15:07:01 2009
;; MSG SIZE rcvd: 28
hauke@ls:~$ dig @205.234.170.215 allianz.pl
; <<>> DiG 9.4.2-P2 <<>> @205.234.170.215 allianz.pl
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21705
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;allianz.pl. IN A
;; ANSWER SECTION:
allianz.pl. 3560 IN A 193.200.66.220
;; Query time: 134 msec
;; SERVER: 205.234.170.215#53(205.234.170.215)
;; WHEN: Wed Jul 29 15:07:06 2009
;; MSG SIZE rcvd: 44
My unbound version : (from unbound -h)
Version 1.2.1
libevent mini-event-1.2.1, libldns 1.5.0_20090205, OpenSSL 0.9.8g 19 Oct 2007
Regards
Hauke
Thanks very much,
--
Jakub Heichman
hauke hoffmann service and electronic systems
Moristeig 60, D-23556 Lübeck
Telefon: +49 (0) 451 8896462
Fax: +49 (0) 451 8896461
Mobil: +49 (0) 170 7580491
E-Mail: office@hauke-hoffmann.net
I'm unable to resolve 'allianz.pl', looks like dns1.allianz.pl and
dns2.allianz.pl are responding with malformed DNS packets.
I get the same thing. Manual queries with dig, with/without +dnssec
and/or +edns=0 seem to work fine. Bind also returns the address without
problems.
Debug output from unbound-host -d reports:
[1248868247] libunbound[8999:0] debug: parse error on reply packet
for Wouter:
[1248873376] libunbound[13422:0] info: DelegationPoint<allianz.pl.>: 2 names (0 missing), 2 addrs (0 result, 0 avail)
[1248873376] libunbound[13422:0] info: dns1.allianz.pl. * A
[1248873376] libunbound[13422:0] info: dns2.allianz.pl. * A
[1248873376] libunbound[13422:0] debug: ip4 62.29.164.72 port 53 (len 16)
[1248873376] libunbound[13422:0] debug: ip4 62.29.164.71 port 53 (len 16)
[1248873376] libunbound[13422:0] debug: attempt to get extra 3 targets
[1248873376] libunbound[13422:0] debug: out of query targets -- returning SERVFAIL
[1248873376] libunbound[13422:0] debug: store error response in message cache
[1248873376] libunbound[13422:0] debug: return error response SERVFAIL
[1248873376] libunbound[13422:0] debug: udp message[112:0] D7248410000100020000000107616C6C69616E7A02706C00000F000107616C6C69616E7A02706C00000F000100000E100014000505736D74703107616C6C69616E7A02706C0007616C6C69616E7A02706C00000F000100000E100014000505736D74703207616C6C69616E7A02706C00
Paul
I also get the same (unbound 1.3.1 on FreeBSD). That packet received from
Allianz has ARCOUNT==1 in the header but there's no RR in the additional
section. I've captured it with tcpdump too and it's the same so unbound isn't
parsing it incorrectly.
BTW, I get ``Warning: Message parser reports malformed message packet.'' from
dig if I do: dig @62.29.164.72 allianz.pl mx +dnssec
jm
The server listening at 62.29.164.72 is broken. It suffers from a vulnerability that was known already in 2004: dns ping pong (a server responding to responses, not just to queries). Effectively, a single packet can take this one out.
http://www.uniras.gov.uk/vuls/2004/758884/index.htm
Kind regards,
Roy Arends
Sr. Researcher
Nominet UK