[Dnsmasq-discuss] Got bad packet: bad compression pointer

Simon Kelley simon at thekelleys.org.uk
Mon Jan 23 22:06:55 GMT 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OK, that's a bit difficult to correlate the client and upstream, but I
can see in the responses coming back from upstream that the order of
the RRs in the Auth section of the "no-such name" replies is

NSEC
RRSIG (for NSEC)
SOA
RRSIG (for SOA)

That's different than for the google public DNS which returns

SOA
NSEC
RRSIG
RRSIG

Both are valid, but the first exercises code-paths the second doesn't,
since the SOA RR has to be moved when the NSEC and its RRSIG are
deleted from the packet.

The address of the upstream server in the captures is an RFC1918
address. Is there a comcast server at  a public address that I can
point to and get the same answers? That should allow me to reproduce
the bug here.

I just tried the first 5 or 6 servers in google's answer to the query
"public dns" and they all reply in the SOA-first order. Need to find a
public DNS server that replies in the NSEC-first order.

Cheers,

Simon.


On 18/01/17 20:49, Dave Taht wrote:
> The offputting part of your outline of what to check for was "some 
> hairy pointer code". :) I'm in the middle of some crash bugs 
> elsewhere, and I didn't realize how fast I could get you data
> without thinking about the "hairy" parts.
> 
> 
> dnssec and dnssec-check-unsigned are enabled, and I'm using
> cachesize 9999 (what's the limit nowadays?)
> 
> I put packet captures of the external interface on the router
> (comcast upstream) and captures taken at the client, a log, and
> conf file, here:
> 
> http://www.taht.net/~d/dnssecbug/
> 
> Basically hammering on nslookup for the two internal and internal 
> captures there.
> 
> Hammering on "dig" later, I was unable to trigger it on A, or AAAA 
> requests. Was able to easily trigger it on a MX request.
> 
> flent-freemont does not exist, btw. Flent-fremont, does. It will
> go boom on both.
> 
> 
> 
> root at dancer:~/dnssecbug# dig flent-freemont.bufferbloat.net MX ;;
> Got bad packet: bad compression pointer 123 bytes a5 c9 81 a0 00 01
> 00 00 00 01 00 01 0e 66 6c 65          .............fle 6e 74 2d 66
> 72 65 65 6d 6f 6e 74 0b 62 75 66 66          nt-freemont.buff 65 72
> 62 6c 6f 61 74 03 6e 65 74 00 00 0f 00 01
> erbloat.net..... c0 1b 00 06 00 01 00 00 0e 10 00 34 06 61 72 6e
> ...........4.arn 6f 6c 64 02 6e 73 0a 63 6c 6f 75 64 66 6c 61 72
> old.ns.cloudflar 65 03 63 6f 6d 00 03 64 6e 73 c0 eb 78 9d d7 47
> e.com..dns..x..G 00 00 27 10 00 00 09 60 00 09 3a 80 00 00 0e 10
> ..'....`..:..... 00 00 29 02 00 00 00 00 00 00 00
> ..)........ root at dancer:~/dnssecbug# dig
> flent-freemont.bufferbloat.net MX
> 
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> flent-freemont.bufferbloat.net MX 
> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode:
> QUERY, status: NOERROR, id: 34631 ;; flags: qr rd ra ad; QUERY: 1,
> ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;;
> QUESTION SECTION: ;flent-freemont.bufferbloat.net.    IN    MX
> 
> ;; AUTHORITY SECTION: bufferbloat.net.    3600    IN    SOA
> arnold.ns.cloudflare.com. dns.cloudflare.com. 2023610183 10000 2400
> 604800 3600
> 
> ;; Query time: 72 msec ;; SERVER: 172.26.16.1#53(172.26.16.1) ;;
> WHEN: Wed Jan 18 12:42:02 PST 2017 ;; MSG SIZE  rcvd: 123
> 
> 
> 
> On Wed, Jan 18, 2017 at 12:01 PM, Dave Taht <dave.taht at gmail.com>
> wrote:
>> On Wed, Jan 18, 2017 at 11:48 AM, Simon Kelley
>> <simon at thekelleys.org.uk> wrote:
> I won't have access to a MIPS system 'till the weekend.
> 
> I assume you're using the git head code?
>>> 
>>> No. Lede-project head. package claims to be dnsmasq-2.76-6.
>>> libc is musl.
>>> 
>>> Box under test was an archer c7v2. Can go try a few other mips
>>> boxes like the wndr3800, but I've seen it there too. The arm
>>> box (that is working) is an linksys-1200ac. (overall it's
>>> looking like a fine release of lede)....
>>> 
> Did you manage to see a dump of the upstream reply?
>>> 
>>> Not yet. I'll touch bases with you later in the week.
>>> 
> 
> 
> Simon.
> 
> 
> 
> On 18/01/17 07:31, Dave Taht wrote:
>>>>> so far I can only make it happen on mips. Doesn't happen on
>>>>> arm. Haven't tried harder yet.
>>>>> 
>> 
>> 
>> 
>> -- Dave Täht Let's go make home routers and wifi faster! With
>> better software! http://blog.cerowrt.org
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJYhn5+AAoJEBXN2mrhkTWiTS8QAIwA9Ue2ovYfA/orURvb0VHg
nc4NIpV4bDdKH6IwbpdrJLh4AO/2xs1ZCYNeb+YKz0QKbK1ycOiZqcwKr0OESWEc
tMW1TFNXtdtAy3MHs9hgPJk3tnYzao8VdrsTFOiCUy2rdzexH4OOt17nJ2VC4+Hb
xYZx6/cNOXPGYghk1UeZCJuvspV1UzQkcMJ+EDI5To1s33Nk7apaXY7k8XABYOip
Aj/2F7SLyAohxPDyUR0Pc4NqNZjJhP9bGUfhotLcDWzEtXnVIpMx9OgapZ9s7e5z
q9yYtqorDsPgdAeR9KqyizahjaOcEB3BA9PXshQb0+dutVzgxbrcXhUkBTr41gnY
8dOPA85dFxTasRKAcx1cyVZxZmaSSisP02rfn7FGvq2UmC7/gPlvIS+/2xnYMFqg
wQ6fL+E0nEvT3MLENEDKh187QVYtckI2su+9J0enKZ+6w/yU0vHHocEjTBVqRFts
n3dIeTRiHfSF0v5n27t7rJaX57bioRrYXRByYP9Lz75nGbLhgg7an7VEf2rz/Kx5
F3/BoisAF/xCc5Q/ves12St10J4JbWsvFaeZJDQVmsFquM6eE3fZ3XvdPFz6NtbJ
MGWle5sbZXITLcZcrtusrAS8tDwPc1KZTEtV08fDg0qzZE1cgYbpUolrUpnPLbhz
7YpnGSCLN4obHT8kwxVG
=HECI
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list