queries with no RD bit set are truncating

Peter Andreev andreev.peter at gmail.com
Tue Jun 16 10:33:46 UTC 2009


Kevin, this server is totally non-recursive. Neither recurse option is
enabled and packet size does not exceed 512 byte. May be it was some
temporarly bugs due to mysterious causes.

Below I post full sniffer's output for both queries:

No.     Time        Source                Destination           Protocol
Info
      1 0.000000    193.110.129.66        194.85.61.20          DNS
Standard query MX lbr.ru

Frame 1 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Jun  9, 2009 10:21:34.405480000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Intel_db:50:96 (00:0e:0c:db:50:96), Dst:
All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
    Destination: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
        Address: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Intel_db:50:96 (00:0e:0c:db:50:96)
        Address: Intel_db:50:96 (00:0e:0c:db:50:96)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 193.110.129.66 (193.110.129.66), Dst: 194.85.61.20
(194.85.61.20)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x7b9b (31643)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 126
    Protocol: UDP (0x11)
    Header checksum: 0x7f03 [correct]
        [Good: True]
        [Bad : False]
    Source: 193.110.129.66 (193.110.129.66)
    Destination: 194.85.61.20 (194.85.61.20)
User Datagram Protocol, Src Port: 11173 (11173), Dst Port: domain (53)
    Source port: 11173 (11173)
    Destination port: domain (53)
    Length: 32
    Checksum: 0xec71 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Domain Name System (query)
    [Response In: 2]
    Transaction ID: 0xc7e5
    Flags: 0x0000 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated
data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        lbr.ru: type MX, class IN
            Name: lbr.ru
            Type: MX (Mail exchange)
            Class: IN (0x0001)

No.     Time        Source                Destination           Protocol
Info
      2 0.034553    194.85.61.20          193.110.129.66        DNS
Standard query response

Frame 2 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Jun  9, 2009 10:21:34.440033000
    [Time delta from previous captured frame: 0.034553000 seconds]
    [Time delta from previous displayed frame: 0.034553000 seconds]
    [Time since reference or first frame: 0.034553000 seconds]
    Frame Number: 2
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b), Dst: Intel_db:50:96
(00:0e:0c:db:50:96)
    Destination: Intel_db:50:96 (00:0e:0c:db:50:96)
        Address: Intel_db:50:96 (00:0e:0c:db:50:96)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
        Address: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 194.85.61.20 (194.85.61.20), Dst: 193.110.129.66
(193.110.129.66)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x7b9b (31643)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 52
    Protocol: UDP (0x11)
    Header checksum: 0xc903 [correct]
        [Good: True]
        [Bad : False]
    Source: 194.85.61.20 (194.85.61.20)
    Destination: 193.110.129.66 (193.110.129.66)
User Datagram Protocol, Src Port: domain (53), Dst Port: 11173 (11173)
    Source port: domain (53)
    Destination port: 11173 (11173)
    Length: 32
    Checksum: 0x0000 (none)
        Good Checksum: False
        Bad Checksum: False
Domain Name System (response)
    [Request In: 1]
    [Time: 0.034553000 seconds]
    Transaction ID: 0xc7e5
    Flags: 0x8600 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for
domain
        .... ..1. .... .... = Truncated: Message is truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive
queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        lbr.ru: type MX, class IN
            Name: lbr.ru
            Type: MX (Mail exchange)
            Class: IN (0x0001)


No.     Time        Source                Destination           Protocol
Info
      7 79.586117   193.110.129.66        194.85.61.20          DNS
Standard query MX lbr.ru

Frame 7 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Jun  9, 2009 10:22:53.991597000
    [Time delta from previous captured frame: 6.975743000 seconds]
    [Time delta from previous displayed frame: 6.975743000 seconds]
    [Time since reference or first frame: 79.586117000 seconds]
    Frame Number: 7
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Intel_db:50:96 (00:0e:0c:db:50:96), Dst:
All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
    Destination: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
        Address: All-HSRP-routers_c7 (00:00:0c:07:ac:c7)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Intel_db:50:96 (00:0e:0c:db:50:96)
        Address: Intel_db:50:96 (00:0e:0c:db:50:96)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 193.110.129.66 (193.110.129.66), Dst: 194.85.61.20
(194.85.61.20)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x4611 (17937)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 126
    Protocol: UDP (0x11)
    Header checksum: 0xb48d [correct]
        [Good: True]
        [Bad : False]
    Source: 193.110.129.66 (193.110.129.66)
    Destination: 194.85.61.20 (194.85.61.20)
User Datagram Protocol, Src Port: 19335 (19335), Dst Port: domain (53)
    Source port: 19335 (19335)
    Destination port: domain (53)
    Length: 32
    Checksum: 0x689d [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Domain Name System (query)
    [Response In: 8]
    Transaction ID: 0x2ad8
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated
data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        lbr.ru: type MX, class IN
            Name: lbr.ru
            Type: MX (Mail exchange)
            Class: IN (0x0001)

No.     Time        Source                Destination           Protocol
Info
      8 79.679224   194.85.61.20          193.110.129.66        DNS
Standard query response MX 10 MAIL.lbr.ru

Frame 8 (175 bytes on wire, 175 bytes captured)
    Arrival Time: Jun  9, 2009 10:22:54.084704000
    [Time delta from previous captured frame: 0.093107000 seconds]
    [Time delta from previous displayed frame: 0.093107000 seconds]
    [Time since reference or first frame: 79.679224000 seconds]
    Frame Number: 8
    Frame Length: 175 bytes
    Capture Length: 175 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b), Dst: Intel_db:50:96
(00:0e:0c:db:50:96)
    Destination: Intel_db:50:96 (00:0e:0c:db:50:96)
        Address: Intel_db:50:96 (00:0e:0c:db:50:96)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
        Address: Cisco_ff:e0:1b (00:0b:bf:ff:e0:1b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 194.85.61.20 (194.85.61.20), Dst: 193.110.129.66
(193.110.129.66)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 161
    Identification: 0x48ea (18666)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 55
    Protocol: UDP (0x11)
    Header checksum: 0xf847 [correct]
        [Good: True]
        [Bad : False]
    Source: 194.85.61.20 (194.85.61.20)
    Destination: 193.110.129.66 (193.110.129.66)
User Datagram Protocol, Src Port: domain (53), Dst Port: 19335 (19335)
    Source port: domain (53)
    Destination port: 19335 (19335)
    Length: 141
    Checksum: 0x29a9 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Domain Name System (response)
    [Request In: 7]
    [Time: 0.093107000 seconds]
    Transaction ID: 0x2ad8
    Flags: 0x8500 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for
domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive
queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 2
    Additional RRs: 3
    Queries
        lbr.ru: type MX, class IN
            Name: lbr.ru
            Type: MX (Mail exchange)
            Class: IN (0x0001)
    Answers
        lbr.ru: type MX, class IN, preference 10, mx MAIL.lbr.ru
            Name: lbr.ru
            Type: MX (Mail exchange)
            Class: IN (0x0001)
            Time to live: 1 day
            Data length: 9
            Preference: 10
            Mail exchange: MAIL.lbr.ru
    Authoritative nameservers
        lbr.ru: type NS, class IN, ns ns3.nic.ru
            Name: lbr.ru
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day
            Data length: 10
            Name server: ns3.nic.ru
        lbr.ru: type NS, class IN, ns ns4.nic.ru
            Name: lbr.ru
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day
            Data length: 6
            Name server: ns4.nic.ru
    Additional records
        MAIL.lbr.ru: type A, class IN, addr 213.184.248.227
            Name: MAIL.lbr.ru
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 1 day
            Data length: 4
            Addr: 213.184.248.227
        ns3.nic.ru: type A, class IN, addr 194.85.61.20
            Name: ns3.nic.ru
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 4 hours, 57 minutes, 5 seconds
            Data length: 4
            Addr: 194.85.61.20
        ns4.nic.ru: type A, class IN, addr 194.226.96.8
            Name: ns4.nic.ru
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 4 hours, 57 minutes, 1 second
            Data length: 4
            Addr: 194.226.96.8
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090616/c1702952/attachment.html>


More information about the bind-users mailing list