Malformed response - AIX 4.9.3 interaction with Solaris 4.9.7 (fwd)

Jim Reid jim at rfc1035.com
Fri Jun 2 17:42:11 UTC 2000


>>>>> "Dave" == Dave DeChellis <derelict at ccs.neu.edu> writes:

    Dave>  The number of "A" records was increased by 1 to 27, and
    Dave> clients connecting to the Solaris server could NOT resolve
    Dave> this one host, but could resolve other hosts in the domain.
    Dave> In addition, querying the AIX server directly did return 27
    Dave> A records.  Packets were seen coming from the AIX server
    Dave> with all 27 IPs but a bad host repsonse was sent to the
    Dave> client.  On another DNS server (Solaris 8.2.3P5), we got the
    Dave> following messages in the log file:
 
    Dave> Jun 2 10:18:02 jupiter named[23879]:XX+/192.168.1.1/foobar.baz.com/A/IN 
    Dave> Jun 2 10:18:02 jupiter named[23879]: Malformed response from [172.26.31.1].53 (out of data in final pass)
 
    Dave>  Does anyone know of any possible issues/bugs?  

Well it looks like your AIX server is mangling the reply when it
contains 27 A records. [Why so many?] A malformed response error
indicates the packet is messed up. The "out of data in final pass"
message means the name server hit the end of the backet before it had
decoded all of the data that it expected to find. Maybe the server is
truncating the reply because the extra A record makes it too big for a
512-byte payload and maybe it's forgetting to set the tc - truncated
message - bit too? But since you chose to hide the name and address of
your name server and the hostname with 27 A records, it's hard for
someone on this list to say for sure.

However you say that querying the AIX box directly returns 27 A
records. That's odd. Maybe whatever is doing the queries is ignoring
or not reporting the fact that the packets from the AIX server have
been mangled. Your AIX server would probably be mangling all replies
for this hostname, not just the ones sent to your BIND8 server that
logs these errors. And the Sun's name server should also be squealing
about mangled packets from the AIX box. Did you check its logs?

Oh and you really should put a bullet into those 4.9 name servers.
BIND4 has been dead for a long time.



More information about the bind-users mailing list