command line ID vs Wireshark transaction ID (dns.id)
John W. Blue
john.blue at rrcic.com
Fri Aug 11 04:28:13 UTC 2017
Mark,
If only it was that easy!
Because I have gone through heaps and heaps of test configurations, I can say with some confidence that you have not actually tried to correlate the values yourself in a similar fashion.
(insane is defined as doing the same thing over and expecting a different result, correct?)
Before I composed this email I did one last tcpdump where I tested via the command:
# rndc flush
# tcpdump -n -i bge1 -s0 -w airnav.pcap port domain
The query command in another shell was:
$ dig www.airnav.com.
With a result of:
; <<>> DiG <<>> www.airnav.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; QUESTION SECTION:
;www.airnav.com. IN A
;; ANSWER SECTION:
www.airnav.com. 300 IN A 206.125.168.131
The screenshot of the resulting pcap is here:
http://www.rfmapping.com/airnav.png
Although I would expect transaction 0xc905 to be the one that produced the above dig results, for grins, none of the hex transaction IDs can be converted to match the id "64934".
John
-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org]
Sent: Thursday, August 10, 2017 7:26 PM
To: John W. Blue
Cc: bind-users at lists.isc.org
Subject: Re: command line ID vs Wireshark transaction ID (dns.id)
Apply Occam's razor.
The packet in wireshark is not the packet DiG displayed.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
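Added example, not part of either message in this thread: a way to check whether any DNS payload in a capture carries the decimal id that dig printed, by decoding the 16-bit transaction ID and question from each message. The function names, the 0x1a2b ID and both sample packet sets are constructed for illustration; only 0xc905, 64934 and the query name come from the post.

```python
import struct

def build_query(txid, qname, qtype=1):
    """Build a minimal DNS query (constructed sample data, RD flag set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)

def parse_dns(payload):
    """Decode the transaction ID, QR bit and first question of a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:
        if off >= len(payload):
            raise ValueError("truncated question name")
        n = payload[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[off:off + 4])
    return {"id": txid, "hex": f"0x{txid:04x}", "response": bool(flags & 0x8000),
            "qname": ".".join(labels) + ".", "qtype": qtype}

def match_dig_id(dig_id, payloads):
    """Return the decoded messages whose ID equals the decimal id dig printed."""
    return [m for m in map(parse_dns, payloads) if m["id"] == dig_id]

# Constructed capture: 0xc905 is the ID named in the post; 0x1a2b is made up.
CAPTURE = [build_query(0xC905, "www.airnav.com."),
           build_query(0x1A2B, "airnav.com.", qtype=2)]
# Constructed packet carrying the ID dig reported (64934 == 0xfda6).
DIG_PACKET = build_query(64934, "www.airnav.com.")

if __name__ == "__main__":
    print(match_dig_id(64934, CAPTURE))                 # no match in this capture
    print(match_dig_id(64934, CAPTURE + [DIG_PACKET]))  # one match, hex 0xfda6
```

An empty result means the packet dig displayed is not among the payloads examined; in Wireshark the equivalent display filter is `dns.id == 0xfda6`.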