BIND in Windows - extra packets

Schelly, Neil NSchelly at gomez.com
Tue Apr 26 19:09:07 UTC 2005



-----Original Message-----
From: Danny Mayer [mailto:mayer at gis.net]
Sent: Monday, April 25, 2005 1:12 AM
To: Schelly, Neil; bind-users at isc.org
Subject: Re: BIND in Windows - extra packets

> I'm not aware of anything that would cause this. The Windows socket
> implementation was designed to have equal functionality as the Unix
> code and I would not expect it to be sending out extra packets. You didn't
> say what version of BIND you were running on Linux. Try using the
> server statement:
> server ip_addr { edns no;};
> where ip_addr is the address of the server you are trying to reach and see
> if it still sends out the extra packets. I recall that PIX has problems with
> EDNS packets. EDNS may have nothing to do with the problem but
> you never know. I can't imagine how it would send out extra packets.
> Are they going to the same address/port?

I did find similar information about Cisco PIX and EDNS problem.  I already
tried limiting the EDNS packet size to 512, which should have circumvented
the problem.  I would try this method some more, but I don't want this
behavior to happen at all.  If this would require specifying the same option
for every remote DNS server it could query, it really wouldn't be an
appropriate solution.

That said, the extra information I have is that I've tried now several
versions in the 9.3 and 9.2 series on Windows XP Pro, 2000 Server, 2000
Advanced Server, 2003 Server, NT4 Server, etc.   9.2.2 is what we run in
Linux and they have no problems.  In each Windows case, I can confirm this
problem.  It sends the excess packets (one or two) out only a few 100,000ths
of a second later.  They are basically full UDP packets with no payload.
The UDP checksum is the last part of the packet - the payload is completely
empty, no bytes.  Sometimes remote DNS servers will reply to these packets
with a DNS error saying that the request was invalid.

I have attached a small 16k capture file.  Perhaps it'll help you understand
what I'm seeing, but again, it's really easy to reproduce this for me.  Just
installing BIND, any version, on any Windows, and setting it up with a blank
config file does it.  I've just started using localhost for my DNS lookups
and I get lots of capture data to show this.

Regards,

Neil J. Schelly
Engineer, Network Operations

Gómez, Inc.
Enabling Performance Excellence
T 781.768.2445
M 508-410-4776
nschelly at gomez.com
www.gomez.com




-- Binary/unsupported file stripped by Ecartis --
-- Type: application/octet-stream
-- File: DNS Extra Packets 1
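
Added example, not part of the original message or of BIND: one way to pick the pattern described above (UDP datagrams to port 53 with an empty payload, sent right after a real query) out of captured traffic. The function names, the 1 ms window and the sample packets are assumptions made for illustration; packets are taken as raw IPv4 bytes with no link-layer header.

```python
import socket
import struct

DNS_PORT, UDP_HDR = 53, 8

def build_ipv4_udp(src, dst, sport, dport, payload=b""):
    """Constructed IPv4/UDP packet for the sample; checksums left at 0."""
    udp = struct.pack("!HHHH", sport, dport, UDP_HDR + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     socket.IPPROTO_UDP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def parse_ipv4_udp(pkt):
    """Return (src, dst, sport, dport, payload_len), or None if not IPv4/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != socket.IPPROTO_UDP or len(pkt) < ihl + UDP_HDR:
        return None
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + UDP_HDR])
    if udp_len < UDP_HDR:
        return None  # malformed UDP length field
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, sport, dport, udp_len - UDP_HDR

def find_empty_followups(capture, window=0.001):
    """capture: (timestamp_seconds, raw_ipv4_bytes) pairs in time order.
    Flags zero-payload datagrams to port 53 that follow a non-empty datagram
    on the same 4-tuple within `window` seconds (assumed threshold)."""
    last_query, hits = {}, []
    for ts, pkt in capture:
        parsed = parse_ipv4_udp(pkt)
        if parsed is None or parsed[3] != DNS_PORT:
            continue
        flow, payload_len = parsed[:4], parsed[4]
        if payload_len > 0:
            last_query[flow] = ts
        elif flow in last_query and ts - last_query[flow] <= window:
            hits.append((ts, flow))
    return hits

# Constructed sample (documentation address ranges): a query, two empty
# follow-ups on the same flow, and an unrelated empty datagram with no query.
QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE = [
    (0.000000, build_ipv4_udp("192.0.2.10", "198.51.100.53", 1040, 53, QUERY)),
    (0.000030, build_ipv4_udp("192.0.2.10", "198.51.100.53", 1040, 53)),
    (0.000055, build_ipv4_udp("192.0.2.10", "198.51.100.53", 1040, 53)),
    (0.500000, build_ipv4_udp("192.0.2.10", "203.0.113.7", 1041, 53)),
]
```

Calling `find_empty_followups(SAMPLE)` returns the two empty datagrams that trail the query and skips the unrelated one, which separates this behaviour from other zero-length UDP traffic to port 53.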



