Got bad packet: bad label type

Mark Andrews Mark_Andrews at isc.org
Wed Oct 22 00:46:48 UTC 2008


In message <707abafb0810211732o3a20fb31x8fa36e3c7036553f at mail.gmail.com>, "Linu
x Addict" writes:
> On Tue, Oct 21, 2008 at 6:24 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> >
> > In message <707abafb0810211024m2d1a3e55j5d495433db242217 at mail.gmail.com>,
> > "Linu
> > x Addict" writes:
> > > I get this error when I try resolve some specific records. Anyone know
> > what
> > > it means and how to resolve it.
> >
> >         You got a malformed packet.
> >
> > > ;; Got bad packet: bad label type
> > > 160 bytes
> > > 2b 3c 81 80 00 01 00 04 00 00 00 00 09 5f 6b 65
> >   id=11068
> >              questions=1
> >                    answers=4
> >                          authorityu=0
> >                                additional=0
> >                                         _kerberos.
> > > 72 62 65 72 6f 73 04 5f 75 64 70 05 49 54 57 45
> >                        _tcp.          ITWEB.
> > > 42 05 57 45 42 4d 44 03 4e 45 54 00 00 21 00 01
> >         WEBMD.            CET.        SRV   IN
> > > c0 0c 00 21 00 01 00 00 00 77 00 10 00 00 00 64 <------------------\
> >  compression point to offset 0x0c (_tcp.ITWEB.WEBMD.CET.)           |
> >        SRV   IN    119         16    0     100                      |
> > > 00 58 07 64 6e 79 64 63 30 32 c0 3f c0 0c 00 21                    |
> >   88       dnydc02.             compression pointer to offset 3f ----/
> >                         (which is 0x64, which is not a valid label).
> > > 00 01 00 00 00 77 00 10 00 00 00 64 00 58 07 64
> > > 6e 79 64 63 30 31 c0 3f c0 0c 00 21 00 01 00 00
> > > 00 77 00 10 00 00 00 64 00 58 07 64 6e 6a 64 63
> > > 30 32 c0 3f c0 0c 00 21 00 01 00 00 00 77 00 10
> > > 00 00 00 64 00 58 07 64 6e 6a 64 63 30 31 c0 3f
> > >
> > > Thanks
> > > LA
> > >
> > >
> > >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> >
> 
> 
> This is awesome!! How did you decode it?

	The contents of a DNS packet are described in RFCs 1034 and
	RFC 1035.  It's a simple matter to just read the data.

> Now How do I fix it?

	You fix the server (usually that means upgrade) that sent
	you the response and/or any middle box (nat/firewall) that
	mucked with the packets contents.

	All the compression pointers in the SRV records are bad
	which rules out random packet corruption.  So you are looking
	at the software that wrote / re-wrote the DNS payload.

	Mark
> 
> Thanks, LA
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list