Ask for hints for DNS TCP request

jiangtao jiangtao.hu at gmail.com
Thu Aug 4 21:41:01 UTC 2005


Hi,

I am not sure if I sent this to the correct mailing list. If not, please
forgive me for bothering you.

I sent the DNS request (my.calendars.net) over UDP to the
server (138.23.201.101) and the server returned a truncated response,
because it is too big. So I sent the request again over TCP and I got
nothing from the server. But "dig +tcp @138.23.201.101
my.calendars.net" works.

I compared my packet with the one dig sent. They are the same. But I
didn't get any further response while dig got the correct one.
                   1234 0000 0001 0000 0000 0000  ...i.4..........
0x0040:  026d 7909 6361 6c65 6e64 6172 7303 6e65  .my.calendars.ne
0x0050:  7400 0001 0001                           t.....

Am I missing something? Any hints? Thanks a lot.

-jiangtao

$ tcpdump -s 0 -X -vvv host 138.23.201.101 and port 53
15:36:12.520363 IP (tos 0x0, ttl  64, id 58950, offset 0, flags [DF],
proto: TCP (6), length: 60) df10.ucr.edu.5229 > ns3.ucr.edu.domain: S,
cksum 0x5b08 (correct), 2583184277:2583184277(0) win 5840 <mss
1460,sackOK,timestamp 192390611 0,nop,wscale 2>
0x0000:  4500 003c e646 4000 4006 21c3 8a17 551e  E..<.F@.@.!...U.
0x0010:  8a17 c965 146d 0035 99f8 4395 0000 0000  ...e.m.5..C.....
0x0020:  a002 16d0 5b08 0000 0204 05b4 0402 080a  ....[...........
0x0030:  0b77 a5d3 0000 0000 0103 0302            .w..........

15:36:12.520731 IP (tos 0x0, ttl  61, id 13339, offset 0, flags [DF],
proto: TCP (6), length: 64) ns3.ucr.edu.domain > df10.ucr.edu.5229: S,
cksum 0xa4d3 (correct), 1741081486:1741081486(0) ack 2583184278 win
49232 <nop,nop,timestamp 249608297 192390611,mss 1460,nop,wscale
0,nop,nop,sackOK>
0x0000:  4500 0040 341b 4000 3d06 d6ea 8a17 c965  E..@4.@.=......e
0x0010:  8a17 551e 0035 146d 67c6 cb8e 99f8 4396  ..U..5.mg.....C.
0x0020:  b012 c050 a4d3 0000 0101 080a 0ee0 b869  ...P...........i
0x0030:  0b77 a5d3 0204 05b4 0103 0300 0101 0402  .w..............

15:36:12.520755 IP (tos 0x0, ttl  64, id 58952, offset 0, flags [DF],
proto: TCP (6), length: 52) df10.ucr.edu.5229 > ns3.ucr.edu.domain: .,
cksum 0xa03a (correct), 1:1(0) ack 1 win 1460 <nop,nop,timestamp
192390612 249608297>
0x0000:  4500 0034 e648 4000 4006 21c9 8a17 551e  E..4.H@.@.!...U.
0x0010:  8a17 c965 146d 0035 99f8 4396 67c6 cb8f  ...e.m.5..C.g...
0x0020:  8010 05b4 a03a 0000 0101 080a 0b77 a5d4  .....:.......w..
0x0030:  0ee0 b869                                ...i

15:36:12.520997 IP (tos 0x0, ttl  64, id 58954, offset 0, flags [DF],
proto: TCP (6), length: 86) df10.ucr.edu.5229 > ns3.ucr.edu.domain: P,
cksum 0x1d5c (correct), 1:35(34) ack 1 win 1460 <nop,nop,timestamp
192390612 249608297> 0 [b2&3=0x1] [0q] [621au] ar: <ELT 57>[|domain]
0x0000:  4500 0056 e64a 4000 4006 21a5 8a17 551e  E..V.J@.@.!...U.
0x0010:  8a17 c965 146d 0035 99f8 4396 67c6 cb8f  ...e.m.5..C.g...
0x0020:  8018 05b4 1d5c 0000 0101 080a 0b77 a5d4  .....\.......w..
0x0030:  0ee0 b869 1234 0000 0001 0000 0000 0000  ...i.4..........
0x0040:  026d 7909 6361 6c65 6e64 6172 7303 6e65  .my.calendars.ne
0x0050:  7400 0001 0001                           t.....

15:36:12.521230 IP (tos 0x0, ttl  61, id 13340, offset 0, flags [DF],
proto: TCP (6), length: 52) ns3.ucr.edu.domain > df10.ucr.edu.5229: .,
cksum 0xe57b (correct), 1:1(0) ack 35 win 49232 <nop,nop,timestamp
249608297 192390612>
0x0000:  4500 0034 341c 4000 3d06 d6f5 8a17 c965  E..44.@.=......e
0x0010:  8a17 551e 0035 146d 67c6 cb8f 99f8 43b8  ..U..5.mg.....C.
0x0020:  8010 c050 e57b 0000 0101 080a 0ee0 b869  ...P.{........i
0x0030:  0b77 a5d4                                .w..
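
An added example, not part of the original post: RFC 1035 section 4.2.2 requires each DNS message sent over TCP to be preceded by a two-byte length field. The code below rebuilds the 34-byte TCP payload shown in the capture above and shows how a receiver applying that framing reads it, with and without the prefix; the function names are chosen here for illustration.

```python
import struct

# TCP payload of the 86-byte packet in the capture (bytes 0x0034-0x0055),
# copied from the hex dump in the post.
CAPTURED = bytes.fromhex(
    "1234 0000 0001 0000 0000 0000"
    "026d 7909 6361 6c65 6e64 6172 7303 6e65"
    "7400 0001 0001"
)

def build_query(name, qid=0x1234, qtype=1, qclass=1):
    """Build a bare DNS query message (the form that goes in a UDP datagram)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags=0, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def frame_tcp(message):
    """Prefix a DNS message with its two-byte big-endian length for TCP."""
    return struct.pack("!H", len(message)) + message

def read_frame(stream):
    """Read one message the way a TCP DNS receiver does.

    Returns (declared_length, message); message is None while the receiver
    is still waiting for declared_length bytes to arrive.
    """
    if len(stream) < 2:
        return None, None
    (declared,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + declared]
    return declared, (body if len(body) == declared else None)

if __name__ == "__main__":
    # The captured payload is exactly the bare query, with no length prefix.
    print("payload == bare query:", build_query("my.calendars.net") == CAPTURED)

    # Read as a TCP frame, its first two bytes (the query ID 0x1234) are taken
    # as the length, so the receiver keeps waiting for more data.
    declared, msg = read_frame(CAPTURED)
    print("unframed: declared length", declared, "complete:", msg is not None)

    # With the prefix, the same query is a complete 34-byte message.
    declared, msg = read_frame(frame_tcp(CAPTURED))
    print("framed:   declared length", declared, "complete:", msg is not None)
```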


