Windows and Linux DNS

Kevin Darcy kcd at daimlerchrysler.com
Tue Jun 1 23:19:05 UTC 2004


Simpson, Doug wrote:

>Hello all,
>I have just set up a new Active Directory forest that has a root domain
>(parent) and a child domain.
>Both domains have their own primary DNS servers.
>I am getting the following event in my event logs on the child domain DNS - 
>"The DNS server encountered a bad packet from x.x.x.x.  Packet processing
>leads beyond packet length. The event data contains the DNS packet."
>The parent DNS server is running BIND 8.2, and the child domain DNS is
>Windows Server 2003.
>Has anyone seen this error before?
>Is there a way to solve this issue?
>
Is x.x.x.x the BIND server? If x.x.x.x is a Windows client, then you're 
having a problem between a Windows client and a Windows nameserver and 
it almost certainly has nothing to do with BIND.

Assuming that x.x.x.x is the BIND (parent-domain) server, do you have a 
"server" clause in named.conf for the child-domain server? It seems 
almost like the BIND nameserver is signing packets destined for the 
Windows nameserver with ordinary TSIG, which Windows nameservers don't 
understand (they only understand GSS-TSIG, a "Microsoftized" version of 
the TSIG protocol extension)...

Also, BIND 8.2 is very old, buggy, and insecure. Consider an upgrade. If you 
were running a more current version of BIND, I'd suspect that the "bad 
packet" messages were being caused by EDNS0 probes (in which case they'd 
be harmless since those are simply retried without EDNS0 when they don't 
work), but I don't think EDNS0 probing was implemented until 8.3.

                                                                         
                                                   - Kevin
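
Added example, not part of the original thread: since the event data contains the DNS packet, walking its records shows whether it carries a TSIG record (type 250) or an EDNS0 OPT record (type 41), the two causes suggested in the reply above. The function names and the sample packets are constructed for illustration; child.example and samplekey are placeholders.

```python
import struct

TSIG, OPT = 250, 41  # RR types: TSIG (RFC 2845) and EDNS0 OPT (RFC 2671)

def skip_name(pkt, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        if off >= len(pkt):
            raise ValueError("name runs beyond packet length")
        n = pkt[off]
        if n == 0:                      # root label ends the name
            return off + 1
        if n & 0xC0 == 0xC0:            # 2-byte compression pointer ends it too
            return off + 2
        if n & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + n

def classify(pkt):
    """List the TSIG/OPT records in a raw DNS message, in wire order."""
    if len(pkt) < 12:
        raise ValueError("shorter than a DNS header")
    qd, an, ns, ar = struct.unpack("!4H", pkt[4:12])
    off, found = 12, []
    for _ in range(qd):
        off = skip_name(pkt, off) + 4   # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        if off + 10 > len(pkt):
            raise ValueError("record header runs beyond packet length")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if off > len(pkt):
            raise ValueError("RDATA runs beyond packet length")
        if rtype in (TSIG, OPT):
            found.append("TSIG" if rtype == TSIG else "OPT")
    return found

def wire_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

# Constructed sample messages (not taken from the thread): one SOA query for
# the placeholder zone child.example, plus one additional record each.
HEADER = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 1)
QUESTION = wire_name("child.example") + struct.pack("!HH", 6, 1)
SAMPLE_EDNS = HEADER + QUESTION + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0)
# TSIG RDATA here is 4 filler bytes, enough to walk the record but not a valid signature.
SAMPLE_TSIG = (HEADER + QUESTION + wire_name("samplekey")
               + struct.pack("!HHIH", TSIG, 255, 0, 4) + b"\x00" * 4)
```

Pass the raw bytes from the event's data field to classify(); a ValueError means the message itself is malformed or truncated rather than merely carrying an extension record.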


