<div dir="ltr">Alrighty,<div><br></div><div>There could be a lot of sensitive information in the wire shark and I'm looking at how to parse that now. Currently here is the RESPONSE.log and default.log information</div><div><br></div><div>RESPONSE.log</div><div><code></div><div><div>16-Dec-2014 23:11:21.417 fetch 0x7f9d85d591d0 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): created</div><div>16-Dec-2014 23:11:21.417 fctx 0x7f9d7f856010(Domain-request/NAPTR'): start</div><div>16-Dec-2014 23:11:21.417 fctx 0x7f9d7f856010(Domain-request/NAPTR'): try</div><div>16-Dec-2014 23:11:21.418 fctx 0x7f9d7f856010(Domain-request/NAPTR'): cancelqueries</div><div>16-Dec-2014 23:11:21.418 fctx 0x7f9d7f856010(Domain-request/NAPTR'): getaddresses</div><div>16-Dec-2014 23:11:21.418 fctx 0x7f9d7f856010(Domain-request/NAPTR'): query</div><div>16-Dec-2014 23:11:21.418 resquery 0x7f9d7f85d010 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): send</div><div>16-Dec-2014 23:11:21.418 resquery 0x7f9d7f85d010 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): sent</div><div>16-Dec-2014 23:11:21.418 resquery 0x7f9d7f85d010 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): udpconnected</div><div>16-Dec-2014 23:11:21.419 resquery 0x7f9d7f85d010 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): senddone</div><div>16-Dec-2014 23:11:21.489 resquery 0x7f9d7f85d010 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): response</div><div>;Domain-request. IN NAPTR</div><div><br></div><div>UPSTREAM RESPONSES</div><div><br></div><div>UPSTREAM-RESPONSE 86400 IN A Correct-IP#1</div><div>UPSTREAM-RESPONSE 86400 IN A Correct-IP#2</div><div>UPSTREAM-RESPONSE 86285 IN A Correct-IP#3</div><div>16-Dec-2014 23:11:21.490 fctx 0x7f9d7f856010(Domain-request/NAPTR'): noanswer_response</div><div>16-Dec-2014 23:11:21.490 log_ns_ttl: fctx 0x7f9d7f856010: noanswer_response: Domain-request (in 'domain-name'?): 1 86285</div><div>16-Dec-2014 23:11:21.490 fctx 0x7f9d7f856010: trimming ttl of domain-name/NS for Domain-request/NAPTR: 86400 -> 86285</div><div><span style="background-color:rgb(255,255,0)">16-Dec-2014 23:11:21.490 DNS format error from upstreamServer#53 resolving Domain-request/NAPTR for client CLIENT-IP#15000: non-improving referral</span></div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): cancelquery</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): add_bad</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): try</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): cancelqueries</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): getaddresses</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): no addresses</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): done</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): stopeverything</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): cancelqueries</div><div>16-Dec-2014 23:11:21.491 fctx 0x7f9d7f856010(Domain-request/NAPTR'): sendevents</div><div>16-Dec-2014 23:11:21.492 fetch 0x7f9d85d591d0 (fctx 0x7f9d7f856010(Domain-request/NAPTR)): destroyfetch</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): shutdown</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): doshutdown</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): stopeverything</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): cancelqueries</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): unlink</div><div>16-Dec-2014 23:11:21.492 fctx 0x7f9d7f856010(Domain-request/NAPTR'): destroy</div><div><br></div><div></code></div><div><br></div><div>Default.LOG</div><div><br></div><div><span style="font-size:13px">17-Dec-2014 00:07:38.205 query-errors: debug 2: fetch completed at resolver.c:3073 for domain-name/A in 0.071177: failure/success [domain:domain-name,</span><span style="font-size:13px">referral:0,restart:2,qrysent:</span><span style="font-size:13px">1,timeout:0,lame:0,neterr:0,</span><span class="" style="font-size:13px;background-color:rgb(255,255,0)">badresp</span><span style="font-size:13px"><span style="background-color:rgb(255,255,0)">:1</span>,adberr:0,findfail:0,</span><span style="font-size:13px">valfail:0]</span><br></div><div><br></div></div><div><br></div><div>While I know the Time stamps are different the same thing happens with each request. Now onto the wireshark parse.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><font color="#660000">Levi Pederson</font></b><div><font color="#660000">Mankato Networks LLC</font></div><div><font color="#660000">cell | 612.481.0769</font></div><div><font color="#660000">work | 612.787.7392</font></div><div><a href="mailto:levipederson@mankatonetworks.net" target="_blank">levipederson@mankatonetworks.net</a></div><div><img src="http://www.mankatonetworks.com/images/mn_logo_email.png" width="200" height="21"><br></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jan 6, 2015 at 1:48 PM, Evan Hunt <span dir="ltr"><<a href="mailto:each@isc.org" target="_blank">each@isc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, Jan 06, 2015 at 01:03:10PM -0600, Levi Pederson wrote:<br>
> However I can see the request come back to my server only to be rejected as<br>
> FORMERR and DNS format error badresp:1<br>
<br>
It looks like the upstream server send a badly formatted response. We'd be<br>
better equipped to diagnose the problem if you told us what query you were<br>
trying to resolve, and what version of BIND you're running.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Evan Hunt -- <a href="mailto:each@isc.org">each@isc.org</a><br>
Internet Systems Consortium, Inc.<br>
</font></span></blockquote></div><br></div>