stream_getlen(...): request too small

Mark_Andrews at Mark_Andrews at
Wed Nov 10 04:29:19 UTC 1999

> I've had quite a few messages logged by one of my servers like:
> Nov 9 02:05:48 mercury named[14461]: stream_getlen([].2200):
> request too small
> Anyone give me a quick lesson in the ramifications of this?  This mean
> someone is firing broken packets at me?  The address logged is outside our
> perimeter...
	DNS TCP has a 2 octet header saying how big the follwoing query is. 
	The received size is less than the minimum of a query hence bogus.

> Unrelated but related:  I see "allow-query"... but is there a mechanism in
> BIND that can do the opposite (kind of like a "reject-query acl")?

	You can do this with the existing acls, you can negate a list.

> BIND 8.2.1.  Thanks in advance.
> -Alan
> =============
> Alan Sparks, Principal Network Analyst       <asparks at>
> Harris Corporation, Camarillo CA                   (805) 389-2430
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list