ns_initparse: Message too long - error given by dig, but not named

Ted_Rule at flextech.co.uk
Mon Oct 2 17:06:19 UTC 2000

An odd little problem. The server at ns1.greatdomains.com appears to be issuing
malformed packets, but only dig and not named seem to be complaining about them.
This is with 8.2.2-P5 named and dig. I'm actively trying to find out what version
of name server is running on the greatdomains box.

The first trace shows querying this server directly for an SOA record with dig,
and the corresponding tcpdump of the raw hex of those packets.

The second trace shows querying a local server to prove it has no cached records
for a given domain, and then querying for the A record in that domain, and then
doing it again several seconds later. Meanwhile, syslog for the local DNS server
showed NO error messages when I made the query for the A record via the local
server.

The third section of code shows where the initparse message seems to come from
in the resolver library.

On the face of it - and I'm afraid my decode of raw hex is not up to it - the most
likely explanation of the fault is that ns1.greatdomains.com is issuing replies with
the DNS header containing invalid answer counts, and/or the packet size is greater
than the answer counts would otherwise indicate. This should cause it to trip on
this bit of code in initparse:

        if (msg != eom)
                RETERR(EMSGSIZE);

It may be that dig or the library itself are broken, but I can't see anything
obvious reported for recent bind-8.2.3 CHANGES which might correspond to this,
and I can't help feeling such a bug would have been found ages ago.

The initparse code also only seems to occur in the TCP packet decode section of
dig itself, though it does occur elsewhere in the resolver library. The implication
is that UDP sensed truncation somehow, went to TCP instead, and then grolked on the
message length. This doesn't actually square with a further test I made using an
explicit +novc call to dig, which still gave the same "Message too long" error
anyway. I can't honestly follow enough of the code sequence to work out where this
error message is actually being generated.


I can kind of see why the name server might not actually return any error
message; these bits of code seem to report an error if the actual message length
is shorter than all the answer/auth/additional sections might otherwise indicate:

.......

                if (cp >= eom) {
                        free_related_additional();
                        if (flushset != NULL)
                                free_flushset(flushset, flushset_size);
                        formerrmsg = outofDataFinal;
                        goto formerr;
                }

.......

        if (cp > eom) {
                formerrmsg = outofDataAFinal;
                goto formerr;
        }

......

but there doesn't seem to be a test for "message length > answer count" in
ns_resp.c which would correspond to where dig is glitching.


Can anyone try this with any more recent version to see whether the problem still
exists, and should there be a recoding of the server to make the additional test
for "packet longer than answer count might otherwise indicate"? And can anyone out
there decode enough of the hex to tell me what the miscoding in the original
packet really is?





Ted


===============================================================



$ dig @ns1.greatdomains.com smashedatom.com soa

; <<>> DiG 8.2 <<>> @ns1.greatdomains.com smashedatom.com soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ns_initparse: Message too long
;; Total query time: 368 msec
;; FROM: homer.flextech.co.uk to SERVER: ns1.greatdomains.com  207.171.44.100
;; WHEN: Mon Oct  2 11:23:05 2000
;; MSG SIZE  sent: 33  rcvd: 135

$ sudo tcpdump -l -x -n host 207.171.44.100 | tcpdumpascii.pl
User level filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
11:23:04.713691 eth0 > 195.188.171.98.2372 > 207.171.44.100.domain: 6+ SOA?
smashedatom.com. (33)
         4500 003d 25ba 0000 4011 e9c7 c3bc ab62        E..=%... at ......b
         cfab 2c64 0944 0035 0029 ed99 0006 0100        ..,d.D.5.)......
         0001 0000 0000 0000 0b73 6d61 7368 6564        .........smashed
         6174 6f6d 0363 6f6d 0000 0600 01               atom.com......
11:23:05.077853 eth0 < 207.171.44.100.domain > 195.188.171.98.2372: 6*- 1/0/0
SOA (135)
         4500 00a3 906e 0000 6d11 51ad cfab 2c64        E....n..m.Q...,d
         c3bc ab62 0035 0944 008f a731 0006 8400        ...b.5.D...1....
         0001 0001 0000 0000 0b73 6d61 7368 6564        .........smashed
         6174 6f6d 0363 6f6d 0000 0600 010b 736d        atom.com......sm
         6173 6865 6461 746f 6d03 636f 6d00 0006        ashedatom.com...
         0001 0000 0e10 004a 036e 7331 0c67 7265        .......J.ns1.gre
         6174 646f 6d61 696e 7303 636f 6d00 0d61        atdomains.com..a
         646d 696e 6973 7472 6174 6f72 0c67 7265        dministrator.gre
         6174 646f 6d61 696e 7303 636f 6d00 0131        atdomains.com..1

=====================================================

$ dig @homer smashedatom.com any +norecurse

; <<>> DiG 8.2 <<>> @homer smashedatom.com any +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40806
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 12, ADDITIONAL: 12
;; QUERY SECTION:
;;      smashedatom.com, type = ANY, class = IN

;; AUTHORITY SECTION:
com.                    5d14h48m26s IN NS  A.ROOT-SERVERS.NET.
com.                    5d14h48m26s IN NS  E.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  F.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  J.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  K.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  A.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  M.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  G.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  C.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  I.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  B.GTLD-SERVERS.NET.
com.                    5d14h48m26s IN NS  D.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     4d16h34m31s IN A  198.41.0.4
E.GTLD-SERVERS.NET.     4d17h32m13s IN A  207.200.81.69
F.GTLD-SERVERS.NET.     4d17h32m13s IN A  198.17.208.67
J.GTLD-SERVERS.NET.     4d17h32m13s IN A  198.41.0.21
K.GTLD-SERVERS.NET.     4d17h58m12s IN A  213.177.194.5
A.GTLD-SERVERS.NET.     4d17h32m13s IN A  198.41.3.38
M.GTLD-SERVERS.NET.     4d17h32m13s IN A  202.153.114.101
G.GTLD-SERVERS.NET.     4d17h32m13s IN A  198.41.3.101
C.GTLD-SERVERS.NET.     4d17h32m13s IN A  205.188.185.18
I.GTLD-SERVERS.NET.     4d17h32m13s IN A  192.36.144.133
B.GTLD-SERVERS.NET.     4d17h32m13s IN A  203.181.106.5
D.GTLD-SERVERS.NET.     4d17h32m13s IN A  208.206.240.5

;; Total query time: 12 msec
;; FROM: intranot.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Mon Oct  2 16:22:45 2000
;; MSG SIZE  sent: 33  rcvd: 449

$ dig @homer smashedatom.com a +recurse -p 5353

; <<>> DiG 8.2 <<>> @homer smashedatom.com a +recurse
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ns_initparse: Message too long
;; Total query time: 284 msec
;; FROM: intranot.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Mon Oct  2 16:23:03 2000
;; MSG SIZE  sent: 33  rcvd: 65

$ dig @homer smashedatom.com a +recurse

; <<>> DiG 8.2 <<>> @homer smashedatom.com a +recurse
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      smashedatom.com, type = A, class = IN

;; ANSWER SECTION:
smashedatom.com.        59m47s IN A     207.171.44.230

;; AUTHORITY SECTION:
smashedatom.com.        1d23h59m47s IN NS  NS1.GREATDOMAINS.COM.
smashedatom.com.        1d23h59m47s IN NS  NS2.GREATDOMAINS.COM.

;; ADDITIONAL SECTION:
NS1.GREATDOMAINS.COM.   1d18h52m21s IN A  207.171.44.100
NS2.GREATDOMAINS.COM.   1d23h59m47s IN A  207.171.44.101

;; Total query time: 3 msec
;; FROM: intranot.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Mon Oct  2 16:23:16 2000
;; MSG SIZE  sent: 33  rcvd: 133



==============================================================



$ grep SIZE /usr/src/linux/include/asm/errno.h
#define EMSGSIZE        90      /* Message too long */


$ find . -name '*.[ch]' -print | xargs grep initparse | more
./bin/dig/dig.c:        if (ns_initparse(msg, msglen, &handle) < 0) {
./bin/dig/dig.c:                fprintf(file, ";; ns_initparse: %s\n",
strerror(errno));
./bin/named-xfer/named-xfer.c:  if (ns_initparse(msg, len, &handle) < 0) {
./bin/named-xfer/named-xfer.c:          fprintf(file, ";; ns_initparse: %s\n",
strerror(errno));
./bin/nslookup/list.c:          if (ns_initparse(answer, cp - answer, &handle) <
 0) {
./bin/nslookup/list.c:                  perror("ns_initparse");
./include/arpa/nameser.h:#define ns_initparse           __ns_initparse
./include/arpa/nameser.h:int            ns_initparse __P((const u_char *, int,
ns_msg *));
./lib/nameser/ns_parse.c:ns_initparse(const u_char *msg, int msglen, ns_msg
*handle) {
./lib/resolv/res_debug.c:       if (ns_initparse(msg, len, &handle) < 0) {
./lib/resolv/res_debug.c:               fprintf(file, ";; ns_initparse: %s\n",
strerror(errno));
./lib/resolv/res_findzonecut.c: if (ns_initparse(resp, n, msg) < 0) {
./lib/resolv/res_findzonecut.c:         DPRINTF(("do_query: ns_initparse
failed"));



$ pwd
/usr/src/bind/bind-8.2.2-P5/src/lib/nameser
$ more ns_parse.c

........

int
ns_initparse(const u_char *msg, int msglen, ns_msg *handle) {
        const u_char *eom = msg + msglen;
        int i;

        memset(handle, 0x5e, sizeof *handle);
        handle->_msg = msg;
        handle->_eom = eom;
        if (msg + NS_INT16SZ > eom)
                RETERR(EMSGSIZE);
        NS_GET16(handle->_id, msg);
        if (msg + NS_INT16SZ > eom)
                RETERR(EMSGSIZE);
        NS_GET16(handle->_flags, msg);
        for (i = 0; i < ns_s_max; i++) {
                if (msg + NS_INT16SZ > eom)
                        RETERR(EMSGSIZE);
                NS_GET16(handle->_counts[i], msg);
        }
        for (i = 0; i < ns_s_max; i++)
                if (handle->_counts[i] == 0)
                        handle->_sections[i] = NULL;
                else {
                        int b = ns_skiprr(msg, eom, (ns_sect)i,
                                          handle->_counts[i]);

                        if (b < 0)
                                return (-1);
                        handle->_sections[i] = msg;
                        msg += b;
                }
        if (msg != eom)
                RETERR(EMSGSIZE);
        setsection(handle, ns_s_max);
        return (0);
}


......
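Walking the captured reply the way ns_initparse does, as an added example (not code from the post or from BIND): the question plus the single SOA answer, whose rdlength of 0x4a does match its two names and five 32-bit fields, account for 134 bytes, while dig reports 135 received, so one byte is left over and the msg != eom test fires. The message below is rebuilt from the dump; the SOA integers that the dump cut off and the value of the extra byte are made up, and the name walker also handles compression pointers, which the captured reply does not use.

```c
/* Constructed reply modelled on the tcpdump above: header, question, answer owner,
 * TTL, rdlength and the two SOA names are the captured bytes; the SOA integers the
 * dump cut off are made up, and one 0x00 stands in for the unseen 135th byte. */
static const unsigned char reply[] = {
    0,6, 0x84,0, 0,1, 0,1, 0,0, 0,0,                          /* id 6, QR|AA, qd=1 an=1 */
    11,'s','m','a','s','h','e','d','a','t','o','m',3,'c','o','m',0, 0,6, 0,1,   /* SOA IN */
    11,'s','m','a','s','h','e','d','a','t','o','m',3,'c','o','m',0,
    0,6, 0,1, 0,0,0x0e,0x10, 0,0x4a,                          /* SOA IN ttl 3600 rdlen 74 */
    3,'n','s','1',12,'g','r','e','a','t','d','o','m','a','i','n','s',3,'c','o','m',0,
    13,'a','d','m','i','n','i','s','t','r','a','t','o','r',
    12,'g','r','e','a','t','d','o','m','a','i','n','s',3,'c','o','m',0,
    1,0x31,0,0, 0,0,0x0e,0x10, 0,0,3,0x84, 0,9,0x3a,0x80, 0,0,0x0e,0x10, /* made up */
    0                                                         /* extra byte (constructed) */
};

/* Skip one name (labels or a 2-byte compression pointer); -1 if it overruns. */
static int skip_name(const unsigned char *m, int len, int off) {
    int start = off;
    for (; off < len; off += 1 + m[off]) {
        if (m[off] == 0) return off + 1 - start;
        if (m[off] & 0xc0)                     /* pointer: must be 11xxxxxx and fit */
            return (m[off] & 0xc0) == 0xc0 && off + 2 <= len ? off + 2 - start : -1;
    }
    return -1;
}
/* Walk the header and all four sections as ns_initparse/ns_skiprr do: returns the
 * offset where the last counted record ends, or -1 when a record runs past the end
 * of the message (the cp > eom case, which is the only one named tests for). */
static int walk_sections(const unsigned char *m, int len) {
    int off = 12;                              /* fixed header: id, flags, 4 counts */
    if (len < off) return -1;
    for (int s = 0; s < 4; s++) {
        int count = (m[4 + 2 * s] << 8) | m[5 + 2 * s];
        for (int i = 0; i < count; i++) {
            int n = skip_name(m, len, off);
            if (n < 0) return -1;
            off += n;
            int fixed = s == 0 ? 4 : 10;       /* type,class (+ttl,rdlength for RRs) */
            if (s != 0 && off + 10 <= len) fixed += (m[off + 8] << 8) | m[off + 9]; /* rdata */
            if (off + fixed > len) return -1;
            off += fixed;
        }
    }
    return off;
}
/* The resolver's final test (msg != eom): bytes left over are EMSGSIZE. */
static int trailing_bytes(const unsigned char *m, int len) {
    int end = walk_sections(m, len);
    return end < 0 ? -1 : len - end;
}
```

With the full 135 bytes the walk ends at offset 134 and reports one trailing byte; the same message cut to 134 bytes parses cleanly, and a message truncated inside the SOA rdata is the overrun case named already rejects.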


================================================================



