[Dnsmasq-discuss] Format Errors using add-subnet
Scott Bonar
sbonar at cradlepoint.com
Wed Dec 7 16:02:49 GMT 2016
Albert,
First let me be clear - I don't believe this is a DNSMasq issue since I can reproduce it with dig. I was just hoping with all the DNS experts on this forum that someone would have seen this issue with the Windows Server and give me some pointers on possible solutions.
Second, here is an example trace of the error.
No. Time Source Destination Protocol Length Info
1 0.000000 172.19.9.210 65.153.116.46 DNS 97 Standard query 0x7613 A www.google.com OPT
Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Shuttle_97:5f:7c (80:ee:73:97:5f:7c), Dst: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0)
Internet Protocol Version 4, Src: 172.19.9.210, Dst: 65.153.116.46
User Datagram Protocol, Src Port: 54012, Dst Port: 53
Domain Name System (query)
[Response In: 2]
Transaction ID: 0x7613
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210
No. Time Source Destination Protocol Length Info
2 0.025748 65.153.116.46 172.19.9.210 DNS 97 Standard query response 0x7613 Format error A www.google.com OPT
Frame 2: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0), Dst: Shuttle_97:5f:7c (80:ee:73:97:5f:7c)
Internet Protocol Version 4, Src: 65.153.116.46, Dst: 172.19.9.210
User Datagram Protocol, Src Port: 53, Dst Port: 54012
Domain Name System (response)
[Request In: 1]
[Time: 0.025748000 seconds]
Transaction ID: 0x7613
Flags: 0x8101 Standard query response, Format error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0001 = Reply code: Format error (1)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.google.com: type A, class IN
Name: www.google.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: CSUBNET - Client subnet
Option Code: CSUBNET - Client subnet (8)
Option Length: 8
Option Data: 00012000ac1309d2
Family: IPv4 (1)
Source Netmask: 32
Scope Netmask: 0
Client Subnet: 172.19.9.210
________________________________
From: Albert ARIBAUD <albert.aribaud at free.fr>
Sent: Wednesday, December 7, 2016 6:20:32 AM
To: Scott Bonar
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Format Errors using add-subnet
Hi Scott,
Le Mon, 5 Dec 2016 20:10:44 +0000
Scott Bonar <sbonar at cradlepoint.com> a écrit:
> When using this option (which I really need to do) for DNS queries, I
> get Format Errors from the upstream DNS servers if they are Windows
> Servers 2008 through at least 2012. Has anyone seen this and is
> there a workaround either in DNSMasq or Windows?
>
> Your help is appreciated.
Maybe an actual example (ideally with a Wireshark or tcdump capture)
could help pinpoint the issue.
> Scott Bonar
Amicalement,
--
Albert.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20161207/9d89f2ef/attachment.html>
More information about the Dnsmasq-discuss
mailing list