Discussion:
[Dnsmasq-discuss] Got bad packet: bad compression pointer
Igor Lidin
2017-02-27 14:08:14 UTC
Permalink
I'm observing the following problem with dnsmasq 2.76 on arm7 platform.

Dnsmasq is responing with bad packet, but shouldn't. This is somehow related to DNSSEC, ial.ru is signed.

this is through local dnsmasq forwarding server:

# dig soa guardian.ial.ru @127.0.0.1
;; Got bad packet: bad compression pointer
131 bytes
a8 45 83 80 00 01 00 01 00 01 00 01 08 67 75 61 .E...........gua
72 64 69 61 6e 03 69 61 6c 02 72 75 00 00 06 00 rdian.ial.ru....
01 c0 0c 00 05 00 01 00 00 0e 0f 00 10 08 67 75 ..............gu
61 72 64 69 61 6e 02 75 6b 02 74 6f 00 c0 36 00 ardian.uk.to..6.
06 00 01 00 00 0e 10 00 2f 03 6e 73 31 06 61 66 ......../.ns1.af
72 61 69 64 03 6f 72 67 00 08 64 6e 73 61 64 6d raid.org..dnsadm
69 6e c1 d9 65 76 95 a3 00 01 51 80 00 00 1c 20 in..ev....Q.....
00 24 ea 00 00 00 0e 10 00 00 29 10 00 00 00 00 .$........).....
00 00 00 ...

this is though google dns on the same host:

# dig soa guardian.ial.ru @8.8.8.8

; <<>> DiG 9.10.4-P5 <<>> soa guardian.ial.ru @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31031
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;guardian.ial.ru. IN SOA

;; ANSWER SECTION:
guardian.ial.ru. 12 IN CNAME guardian.uk.to.

;; AUTHORITY SECTION:
uk.to. 1666 IN SOA ns1.afraid.org. dnsadmin.afraid.org. 1702270369 86400 7200 2419200 3600

;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 27 14:05:09 UTC 2017
;; MSG SIZE rcvd: 131

this is related info:

# dnsmasq -v
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

# uname -a
Linux guardian 2.6.36.4brcmarm #1 SMP PREEMPT Thu Feb 2 21:42:22 CET 2017 armv7l GNU/Linux

# drill soa guardian.ial.ru
Error: error sending query: Invalid compression pointer

# drill -v
drill version 1.6.17 (ldns version 1.6.17)
Written by NLnet Labs.

Copyright (c) 2004-2008 NLnet Labs.
Licensed under the revised BSD license.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.

Best regards,
Igor Lidin
Simon Kelley
2017-02-27 16:01:24 UTC
Permalink
Can you easily test newer code? Either git-HEAD or 2.77test3 has a fix
for a bug which looks remarkably like this, and it would be good to
eliminate that before going further.


Cheers,

Simon.
Post by Igor Lidin
I'm observing the following problem with dnsmasq 2.76 on arm7
platform.
Dnsmasq is responing with bad packet, but shouldn't. This is
somehow related to DNSSEC, ial.ru is signed.
compression pointer 131 bytes a8 45 83 80 00 01 00 01 00 01 00 01
08 67 75 61 .E...........gua 72 64 69 61 6e 03 69 61 6c 02
72 75 00 00 06 00 rdian.ial.ru.... 01 c0 0c 00 05 00 01 00
00 0e 0f 00 10 08 67 75 ..............gu 61 72 64 69 61 6e
02 75 6b 02 74 6f 00 c0 36 00 ardian.uk.to..6. 06 00 01 00
00 0e 10 00 2f 03 6e 73 31 06 61 66 ......../.ns1.af 72 61
69 64 03 6f 72 67 00 08 64 6e 73 61 64 6d
raid.org..dnsadm 69 6e c1 d9 65 76 95 a3 00 01 51 80 00 00 1c 20
in..ev....Q..... 00 24 ea 00 00 00 0e 10 00 00 29 10 00 00 00 00
.$........)..... 00 00 00
...
NOERROR, id: 31031 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1,
AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;;
QUESTION SECTION: ;guardian.ial.ru. IN SOA
;; ANSWER SECTION: guardian.ial.ru. 12 IN CNAME
guardian.uk.to.
;; AUTHORITY SECTION: uk.to. 1666 IN SOA
ns1.afraid.org. dnsadmin.afraid.org. 1702270369 86400 7200 2419200
3600
;; Query time: 63 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon
Feb 27 14:05:09 UTC 2017 ;; MSG SIZE rcvd: 131
# dnsmasq -v Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon
Kelley Compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n
no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper
auth DNSSEC loop-detect inotify
This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free
software, and you are welcome to redistribute it under the terms of
the GNU General Public License, version 2 or 3.
# uname -a Linux guardian 2.6.36.4brcmarm #1 SMP PREEMPT Thu Feb 2
21:42:22 CET 2017 armv7l GNU/Linux
# drill soa guardian.ial.ru Error: error sending query: Invalid
compression pointer
# drill -v drill version 1.6.17 (ldns version 1.6.17) Written by
NLnet Labs.
Copyright (c) 2004-2008 NLnet Labs. Licensed under the revised BSD
license. There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
Best regards, Igor Lidin
_______________________________________________ Dnsmasq-discuss
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...