[Dnsmasq-discuss] Format Errors using add-subnet

Scott Bonar sbonar at cradlepoint.com
Wed Dec 7 16:02:49 GMT 2016


Albert,


First let me be clear - I don't believe this is a DNSMasq issue since I can reproduce it with dig.  I was just hoping with all the DNS experts on this forum that someone would have seen this issue with the Windows Server and give me some pointers on possible solutions.


Second, here is an example trace of the error.


No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       172.19.9.210          65.153.116.46         DNS      97     Standard query 0x7613 A www.google.com OPT

Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: Shuttle_97:5f:7c (80:ee:73:97:5f:7c), Dst: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0)
Internet Protocol Version 4, Src: 172.19.9.210, Dst: 65.153.116.46
User Datagram Protocol, Src Port: 54012, Dst Port: 53
Domain Name System (query)
    [Response In: 2]
    Transaction ID: 0x7613
    Flags: 0x0120 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..1. .... = AD bit: Set
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: CSUBNET - Client subnet
                Option Code: CSUBNET - Client subnet (8)
                Option Length: 8
                Option Data: 00012000ac1309d2
                Family: IPv4 (1)
                Source Netmask: 32
                Scope Netmask: 0
                Client Subnet: 172.19.9.210

No.     Time           Source                Destination           Protocol Length Info
      2 0.025748       65.153.116.46         172.19.9.210          DNS      97     Standard query response 0x7613 Format error A www.google.com OPT

Frame 2: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0), Dst: Shuttle_97:5f:7c (80:ee:73:97:5f:7c)
Internet Protocol Version 4, Src: 65.153.116.46, Dst: 172.19.9.210
User Datagram Protocol, Src Port: 53, Dst Port: 54012
Domain Name System (response)
    [Request In: 1]
    [Time: 0.025748000 seconds]
    Transaction ID: 0x7613
    Flags: 0x8101 Standard query response, Format error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0001 = Reply code: Format error (1)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x0000
                0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 12
            Option: CSUBNET - Client subnet
                Option Code: CSUBNET - Client subnet (8)
                Option Length: 8
                Option Data: 00012000ac1309d2
                Family: IPv4 (1)
                Source Netmask: 32
                Scope Netmask: 0
                Client Subnet: 172.19.9.210


________________________________
From: Albert ARIBAUD <albert.aribaud at free.fr>
Sent: Wednesday, December 7, 2016 6:20:32 AM
To: Scott Bonar
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Format Errors using add-subnet

Hi Scott,

On Mon, 5 Dec 2016 20:10:44 +0000
Scott Bonar <sbonar at cradlepoint.com> wrote:

> When using this option (which I really need to do) for DNS queries, I
> get Format Errors from the upstream DNS servers if they are Windows
> Servers 2008 through at least 2012.  Has anyone seen this and is
> there a workaround either in DNSMasq or Windows?
>
> Your help is appreciated.

Maybe an actual example (ideally with a Wireshark or tcpdump capture)
could help pinpoint the issue.

> Scott Bonar

Kind regards,
--
Albert.
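
Added example, not part of the original messages and not dnsmasq code: a decoder that walks the OPT RDATA from the trace above and checks the client-subnet option against the RFC 7871 rules for queries (address truncated to the source prefix, scope prefix 0, no bits set past the prefix). The function names are illustrative and the RDATA bytes are rebuilt from the fields Wireshark shows; the captured option passes all three checks.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # "CSUBNET - Client subnet (8)" in the trace
FAMILIES = {1: (32, ipaddress.IPv4Network), 2: (128, ipaddress.IPv6Network)}
# Constructed from the trace: option code 8, option length 8, then the Option Data.
TRACE_RDATA = bytes.fromhex("00080008" "00012000ac1309d2")


def iter_options(rdata):
    """Yield (code, data) for each EDNS0 option in an OPT record's RDATA."""
    pos = 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if len(rdata) - pos < length:
            raise ValueError("option length runs past the RDATA")
        yield code, rdata[pos:pos + length]
        pos += length


def check_ecs_query(data):
    """Decode one ECS option taken from a query; return (network, problems)."""
    if len(data) < 4:
        raise ValueError("ECS option shorter than its fixed header")
    family, source, scope = struct.unpack_from("!HBB", data)
    if family not in FAMILIES:
        raise ValueError(f"unknown address family {family}")
    bits, net_cls = FAMILIES[family]
    addr = data[4:]
    problems = []
    if source > bits:
        problems.append("source prefix longer than the address")
    elif len(addr) != (source + 7) // 8:
        problems.append("address not truncated to the source prefix length")
    if scope != 0:
        problems.append("scope prefix must be 0 in a query")
    prefix = min(source, bits)
    value = int.from_bytes(addr[:bits // 8].ljust(bits // 8, b"\x00"), "big")
    host_mask = (1 << (bits - prefix)) - 1
    if value & host_mask:
        problems.append("bits set beyond the source prefix")
    return net_cls((value & ~host_mask, prefix)), problems


def check_opt_rdata(rdata):  # run the ECS check on every option 8 in the RDATA
    return [check_ecs_query(d) for c, d in iter_options(rdata) if c == ECS_OPTION_CODE]
```
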