How to use "dns_new()" (I get "dns_new: Assertion `(copy->dnsc_flags & DNS_INITED)' failed")
Iñaki Baz Castillo
ibc at aliax.net
Sat Feb 5 21:13:21 MSK 2011
2011/2/5 Michael Tokarev <mjt at tls.msk.ru>:
>> But if you comment the second dns_init() it takes 31 seconds to
>> terminate and performs invalid/malformed DNS queries after receiving
>> the response "0011 No such name"). I've checked it with tcpdump and
>> wireshark.
>
> invalid queries is a good indicator of some issue. Please try without
> second init but give it absolute domain name (the one which ends with
> a dot) - it should complete immediately.
Yes, it does :)
>> NOTE: I use udns 0.9 version (Ubuntu). Could this issue make reference
>> to a change in 1.0?:
>>
>> 0.1 (Dec 2010)
>> - bugfix: udns_new(old) - when actually cloning another context -
>> makes the new context referencing memory from old, which leads
>> to crashes when old is modified later
>
> Yes, that's quite possible consequence too.
>
> I just verified with 0.1 (note it's not 0.9 and 1.0, it's 0.0.9 and 0.1 ;),
> and it works just fine. The fix is trivial:
>
> Index: udns_resolver.c
> diff -p -u -r1.98 -r1.99
> --- udns_resolver.c 10 Jan 2007 13:32:33 -0000 1.98
> +++ udns_resolver.c 1 Dec 2010 14:33:48 -0000 1.99
> @@ -467,6 +467,8 @@ struct dns_ctx *dns_new(const struct dns
> ctx->dnsc_nactive = 0;
> ctx->dnsc_pbuf = NULL;
> ctx->dnsc_qstatus = 0;
> + ctx->dnsc_srchend = ctx->dnsc_srchbuf +
> + (copy->dnsc_srchend - copy->dnsc_srchbuf);
> ctx->dnsc_utmfn = NULL;
> ctx->dnsc_utmctx = NULL;
> ctx->dnsc_nextid = dns_random16();
>
>
> However, even without the fix, it should not time out -
> unless it produces really bogus queries. Which queries
> it performs?
- First it sends a correct DNS A query to DNS server 1.
- Server 1 replies "0011 No such name".
- udns then sends a malformed query to server 1 (no reply).
- Then to server 2.
- Then to server 1.
- Then to server 2.
- And so on...
- After ~30 seconds it ends with error NXDOMAIN.
I attach a full network capture (I query "aliax.nettt" which doesn't
exist). My DNS servers in resolv.conf are 8.8.8.8 and 8.8.4.4.
PS: If you prefer the tcpdump binary capture ask it to me please.
--
Iñaki Baz Castillo
<ibc at aliax.net>
-------------- next part --------------
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.12 8.8.8.8 DNS Standard query A aliax.nettt
Frame 1 (82 bytes on wire, 82 bytes captured)
Arrival Time: Feb 5, 2011 18:48:24.542698000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 82 bytes
Capture Length: 82 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6), Dst: Draytek_96:73:28 (00:50:7f:96:73:28)
Destination: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.12 (192.168.1.12), Dst: 8.8.8.8 (8.8.8.8)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 68
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x68e5 [correct]
[Good: True]
[Bad : False]
Source: 192.168.1.12 (192.168.1.12)
Destination: 8.8.8.8 (8.8.8.8)
User Datagram Protocol, Src Port: 40040 (40040), Dst Port: domain (53)
Source port: 40040 (40040)
Destination port: domain (53)
Length: 48
Checksum: 0x83d7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 2]
Transaction ID: 0x4790
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
aliax.nettt: type A, class IN
Name: aliax.nettt
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
0000 00 50 7f 96 73 28 00 26 18 fe 6d b6 08 00 45 00 .P..s(.&..m...E.
0010 00 44 00 00 40 00 40 11 68 e5 c0 a8 01 0c 08 08 .D.. at .@.h.......
0020 08 08 9c 68 00 35 00 30 83 d7 47 90 01 00 00 01 ...h.5.0..G.....
0030 00 00 00 00 00 01 05 61 6c 69 61 78 05 6e 65 74 .......aliax.net
0040 74 74 00 00 01 00 01 00 00 29 10 00 00 00 00 00 tt.......)......
0050 00 00 ..
No. Time Source Destination Protocol Info
2 0.102470 8.8.8.8 192.168.1.12 DNS Standard query response, No such name
Frame 2 (157 bytes on wire, 157 bytes captured)
Arrival Time: Feb 5, 2011 18:48:24.645168000
[Time delta from previous captured frame: 0.102470000 seconds]
[Time delta from previous displayed frame: 0.102470000 seconds]
[Time since reference or first frame: 0.102470000 seconds]
Frame Number: 2
Frame Length: 157 bytes
Capture Length: 157 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Draytek_96:73:28 (00:50:7f:96:73:28), Dst: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Destination: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 8.8.8.8 (8.8.8.8), Dst: 192.168.1.12 (192.168.1.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 143
Identification: 0x5607 (22023)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x6093 [correct]
[Good: True]
[Bad : False]
Source: 8.8.8.8 (8.8.8.8)
Destination: 192.168.1.12 (192.168.1.12)
User Datagram Protocol, Src Port: domain (53), Dst Port: 40040 (40040)
Source port: domain (53)
Destination port: 40040 (40040)
Length: 123
Checksum: 0x432f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 1]
[Time: 0.102470000 seconds]
Transaction ID: 0x4790
Flags: 0x8183 (Standard query response, No such name)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0011 = Reply code: No such name (3)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
aliax.nettt: type A, class IN
Name: aliax.nettt
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
<Root>: type SOA, class IN, mname a.root-servers.net
Name: <Root>
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 25 minutes, 4 seconds
Data length: 64
Primary name server: a.root-servers.net
Responsible authority's mailbox: nstld.verisign-grs.com
Serial number: 2011020500
Refresh interval: 30 minutes
Retry interval: 15 minutes
Expiration limit: 7 days
Minimum TTL: 1 day
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
0000 00 26 18 fe 6d b6 00 50 7f 96 73 28 08 00 45 00 .&..m..P..s(..E.
0010 00 8f 56 07 00 00 32 11 60 93 08 08 08 08 c0 a8 ..V...2.`.......
0020 01 0c 00 35 9c 68 00 7b 43 2f 47 90 81 83 00 01 ...5.h.{C/G.....
0030 00 00 00 01 00 01 05 61 6c 69 61 78 05 6e 65 74 .......aliax.net
0040 74 74 00 00 01 00 01 00 00 06 00 01 00 00 05 e0 tt..............
0050 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 . at .a.root-server
0060 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 s.net..nstld.ver
0070 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 77 dd isign-grs.com.w.
0080 bc d4 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 ............:...
0090 51 80 00 00 29 02 00 00 00 00 00 00 00 Q...)........
No. Time Source Destination Protocol Info
3 0.102637 192.168.1.12 8.8.8.8 DNS Standard query Unknown (256) <Root>[Malformed Packet]
Frame 3 (69 bytes on wire, 69 bytes captured)
Arrival Time: Feb 5, 2011 18:48:24.645335000
[Time delta from previous captured frame: 0.000167000 seconds]
[Time delta from previous displayed frame: 0.000167000 seconds]
[Time since reference or first frame: 0.102637000 seconds]
Frame Number: 3
Frame Length: 69 bytes
Capture Length: 69 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6), Dst: Draytek_96:73:28 (00:50:7f:96:73:28)
Destination: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.12 (192.168.1.12), Dst: 8.8.8.8 (8.8.8.8)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 55
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x68f2 [correct]
[Good: True]
[Bad : False]
Source: 192.168.1.12 (192.168.1.12)
Destination: 8.8.8.8 (8.8.8.8)
User Datagram Protocol, Src Port: 40040 (40040), Dst Port: domain (53)
Source port: 40040 (40040)
Destination port: domain (53)
Length: 35
Checksum: 0x1fa1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0x4791
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type Unknown (256), class Unknown (256)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0100)
Additional records
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
0000 00 50 7f 96 73 28 00 26 18 fe 6d b6 08 00 45 00 .P..s(.&..m...E.
0010 00 37 00 00 40 00 40 11 68 f2 c0 a8 01 0c 08 08 .7.. at .@.h.......
0020 08 08 9c 68 00 35 00 23 1f a1 47 91 01 00 00 01 ...h.5.#..G.....
0030 00 00 00 00 00 01 00 01 00 01 00 00 29 10 00 00 ............)...
0040 00 00 00 00 00 .....
No. Time Source Destination Protocol Info
4 1.103736 192.168.1.12 8.8.4.4 DNS Standard query Unknown (256) <Root>[Malformed Packet]
Frame 4 (69 bytes on wire, 69 bytes captured)
Arrival Time: Feb 5, 2011 18:48:25.646434000
[Time delta from previous captured frame: 1.001099000 seconds]
[Time delta from previous displayed frame: 1.001099000 seconds]
[Time since reference or first frame: 1.103736000 seconds]
Frame Number: 4
Frame Length: 69 bytes
Capture Length: 69 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6), Dst: Draytek_96:73:28 (00:50:7f:96:73:28)
Destination: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.12 (192.168.1.12), Dst: 8.8.4.4 (8.8.4.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 55
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x6cf6 [correct]
[Good: True]
[Bad : False]
Source: 192.168.1.12 (192.168.1.12)
Destination: 8.8.4.4 (8.8.4.4)
User Datagram Protocol, Src Port: 40040 (40040), Dst Port: domain (53)
Source port: 40040 (40040)
Destination port: domain (53)
Length: 35
Checksum: 0x23a5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0x4791
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type Unknown (256), class Unknown (256)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0100)
Additional records
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
0000 00 50 7f 96 73 28 00 26 18 fe 6d b6 08 00 45 00 .P..s(.&..m...E.
0010 00 37 00 00 40 00 40 11 6c f6 c0 a8 01 0c 08 08 .7.. at .@.l.......
0020 04 04 9c 68 00 35 00 23 23 a5 47 91 01 00 00 01 ...h.5.##.G.....
0030 00 00 00 00 00 01 00 01 00 01 00 00 29 10 00 00 ............)...
0040 00 00 00 00 00 .....
No. Time Source Destination Protocol Info
5 5.107836 192.168.1.12 8.8.8.8 DNS Standard query Unknown (256) <Root>[Malformed Packet]
Frame 5 (69 bytes on wire, 69 bytes captured)
Arrival Time: Feb 5, 2011 18:48:29.650534000
[Time delta from previous captured frame: 4.004100000 seconds]
[Time delta from previous displayed frame: 4.004100000 seconds]
[Time since reference or first frame: 5.107836000 seconds]
Frame Number: 5
Frame Length: 69 bytes
Capture Length: 69 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6), Dst: Draytek_96:73:28 (00:50:7f:96:73:28)
Destination: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.12 (192.168.1.12), Dst: 8.8.8.8 (8.8.8.8)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 55
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x68f2 [correct]
[Good: True]
[Bad : False]
Source: 192.168.1.12 (192.168.1.12)
Destination: 8.8.8.8 (8.8.8.8)
User Datagram Protocol, Src Port: 40040 (40040), Dst Port: domain (53)
Source port: 40040 (40040)
Destination port: domain (53)
Length: 35
Checksum: 0x1fa1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0x4791
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type Unknown (256), class Unknown (256)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0100)
Additional records
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
0000 00 50 7f 96 73 28 00 26 18 fe 6d b6 08 00 45 00 .P..s(.&..m...E.
0010 00 37 00 00 40 00 40 11 68 f2 c0 a8 01 0c 08 08 .7.. at .@.h.......
0020 08 08 9c 68 00 35 00 23 1f a1 47 91 01 00 00 01 ...h.5.#..G.....
0030 00 00 00 00 00 01 00 01 00 01 00 00 29 10 00 00 ............)...
0040 00 00 00 00 00 .....
No. Time Source Destination Protocol Info
6 6.108925 192.168.1.12 8.8.4.4 DNS Standard query Unknown (256) <Root>[Malformed Packet]
Frame 6 (69 bytes on wire, 69 bytes captured)
Arrival Time: Feb 5, 2011 18:48:30.651623000
[Time delta from previous captured frame: 1.001089000 seconds]
[Time delta from previous displayed frame: 1.001089000 seconds]
[Time since reference or first frame: 6.108925000 seconds]
Frame Number: 6
Frame Length: 69 bytes
Capture Length: 69 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6), Dst: Draytek_96:73:28 (00:50:7f:96:73:28)
Destination: Draytek_96:73:28 (00:50:7f:96:73:28)
Address: Draytek_96:73:28 (00:50:7f:96:73:28)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
Address: AsustekC_fe:6d:b6 (00:26:18:fe:6d:b6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.12 (192.168.1.12), Dst: 8.8.4.4 (8.8.4.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 55
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x6cf6 [correct]
[Good: True]
[Bad : False]
Source: 192.168.1.12 (192.168.1.12)
Destination: 8.8.4.4 (8.8.4.4)
User Datagram Protocol, Src Port: 40040 (40040), Dst Port: domain (53)
Source port: 40040 (40040)
Destination port: domain (53)
Length: 35
Checksum: 0x23a5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
Transaction ID: 0x4791
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type Unknown (256), class Unknown (256)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0100)
Additional records
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
0000 00 50 7f 96 73 28 00 26 18 fe 6d b6 08 00 45 00 .P..s(.&..m...E.
0010 00 37 00 00 40 00 40 11 6c f6 c0 a8 01 0c 08 08 .7.. at .@.l.......
0020 04 04 9c 68 00 35 00 23 23 a5 47 91 01 00 00 01 ...h.5.##.G.....
0030 00 00 00 00 00 01 00 01 00 01 00 00 29 10 00 00 ............)...
0040 00 00 00 00 00 .....
More information about the udns
mailing list