I guess the obvious solution is to use another DNS server upstream
instead of the Windows one..
Cheers,
Simon.
On 07/12/16 16:02, Scott Bonar wrote:
> Albert,
>
>
> First let me be clear - I don't believe this is a DNSMasq issue
> since I can reproduce it with dig. I was just hoping with all the
> DNS experts on this forum that someone would have seen this issue
> with the Windows Server and give me some pointers on possible
> solutions.
>
>
> Second, here is an example trace of the error.
>
>
> No.  Time      Source        Destination    Protocol  Length  Info
> 1    0.000000  172.19.9.210  65.153.116.46  DNS       97      Standard query 0x7613 A www.google.com OPT
>
> Frame 1: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
> Ethernet II, Src: Shuttle_97:5f:7c (80:ee:73:97:5f:7c), Dst: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0)
> Internet Protocol Version 4, Src: 172.19.9.210, Dst: 65.153.116.46
> User Datagram Protocol, Src Port: 54012, Dst Port: 53
> Domain Name System (query)
>     [Response In: 2]
>     Transaction ID: 0x7613
>     Flags: 0x0120 Standard query
>         0... .... .... .... = Response: Message is a query
>         .000 0... .... .... = Opcode: Standard query (0)
>         .... ..0. .... .... = Truncated: Message is not truncated
>         .... ...1 .... .... = Recursion desired: Do query recursively
>         .... .... .0.. .... = Z: reserved (0)
>         .... .... ..1. .... = AD bit: Set
>         .... .... ...0 .... = Non-authenticated data: Unacceptable
>     Questions: 1
>     Answer RRs: 0
>     Authority RRs: 0
>     Additional RRs: 1
>     Queries
>         www.google.com: type A, class IN
>             Name: www.google.com
>             [Name Length: 14]
>             [Label Count: 3]
>             Type: A (Host Address) (1)
>             Class: IN (0x0001)
>     Additional records
>         <Root>: type OPT
>             Name: <Root>
>             Type: OPT (41)
>             UDP payload size: 4096
>             Higher bits in extended RCODE: 0x00
>             EDNS0 version: 0
>             Z: 0x0000
>                 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
>                 .000 0000 0000 0000 = Reserved: 0x0000
>             Data length: 12
>             Option: CSUBNET - Client subnet
>                 Option Code: CSUBNET - Client subnet (8)
>                 Option Length: 8
>                 Option Data: 00012000ac1309d2
>                 Family: IPv4 (1)
>                 Source Netmask: 32
>                 Scope Netmask: 0
>                 Client Subnet: 172.19.9.210
>
> No.  Time      Source         Destination   Protocol  Length  Info
> 2    0.025748  65.153.116.46  172.19.9.210  DNS       97      Standard query response 0x7613 Format error A www.google.com OPT
>
> Frame 2: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
> Ethernet II, Src: JuniperN_b1:4a:e0 (0c:86:10:b1:4a:e0), Dst: Shuttle_97:5f:7c (80:ee:73:97:5f:7c)
> Internet Protocol Version 4, Src: 65.153.116.46, Dst: 172.19.9.210
> User Datagram Protocol, Src Port: 53, Dst Port: 54012
> Domain Name System (response)
>     [Request In: 1]
>     [Time: 0.025748000 seconds]
>     Transaction ID: 0x7613
>     Flags: 0x8101 Standard query response, Format error
>         1... .... .... .... = Response: Message is a response
>         .000 0... .... .... = Opcode: Standard query (0)
>         .... .0.. .... .... = Authoritative: Server is not an authority for domain
>         .... ..0. .... .... = Truncated: Message is not truncated
>         .... ...1 .... .... = Recursion desired: Do query recursively
>         .... .... 0... .... = Recursion available: Server can't do recursive queries
>         .... .... .0.. .... = Z: reserved (0)
>         .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
>         .... .... ...0 .... = Non-authenticated data: Unacceptable
>         .... .... .... 0001 = Reply code: Format error (1)
>     Questions: 1
>     Answer RRs: 0
>     Authority RRs: 0
>     Additional RRs: 1
>     Queries
>         www.google.com: type A, class IN
>             Name: www.google.com
>             [Name Length: 14]
>             [Label Count: 3]
>             Type: A (Host Address) (1)
>             Class: IN (0x0001)
>     Additional records
>         <Root>: type OPT
>             Name: <Root>
>             Type: OPT (41)
>             UDP payload size: 4096
>             Higher bits in extended RCODE: 0x00
>             EDNS0 version: 0
>             Z: 0x0000
>                 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
>                 .000 0000 0000 0000 = Reserved: 0x0000
>             Data length: 12
>             Option: CSUBNET - Client subnet
>                 Option Code: CSUBNET - Client subnet (8)
>                 Option Length: 8
>                 Option Data: 00012000ac1309d2
>                 Family: IPv4 (1)
>                 Source Netmask: 32
>                 Scope Netmask: 0
>                 Client Subnet: 172.19.9.210
>
>
> ________________________________
> From: Albert ARIBAUD <***@free.fr>
> Sent: Wednesday, December 7, 2016 6:20:32 AM
> To: Scott Bonar
> Cc: dnsmasq-***@lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Format Errors using add-subnet
>
> Hi Scott,
>
> On Mon, 5 Dec 2016 20:10:44 +0000, Scott Bonar
> <***@cradlepoint.com> wrote:
>
>> When using this option (which I really need to do) for DNS
>> queries, I get Format Errors from the upstream DNS servers if
>> they are Windows Servers 2008 through at least 2012. Has anyone
>> seen this and is there a workaround either in DNSMasq or
>> Windows?
>>
>> Your help is appreciated.
>
> Maybe an actual example (ideally with a Wireshark or tcpdump
> capture) could help pinpoint the issue.
>
>> Scott Bonar
>
> Kind regards,
> -- Albert.
>
>
>
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-***@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
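The exchange in the quoted trace, rebuilt offline as an added example that is not part of the original thread: it constructs the same 55-byte DNS query with an EDNS0 Client Subnet option, decodes the option, and flags a FORMERR reply to an ECS-bearing query. The function names are assumptions, and the response is constructed by echoing the query with flags 0x8101, as the capture shows.

```python
import ipaddress
import struct

def build_query(txid, name, client_ip, prefix_len):
    """A query with an EDNS0 OPT record carrying a Client Subnet option (code 8)."""
    header = struct.pack("!HHHHHH", txid, 0x0120, 1, 0, 0, 1)  # flags as in the trace
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    addr = net.network_address.packed[:(prefix_len + 7) // 8]
    ecs = struct.pack("!HBB", 1, prefix_len, 0) + addr      # family, source, scope
    option = struct.pack("!HH", 8, len(ecs)) + ecs
    opt_rr = b"\0" + struct.pack("!HHIH", 41, 4096, 0, len(option)) + option
    return header + qname + struct.pack("!HH", 1, 1) + opt_rr

def skip_name(msg, pos):
    while True:
        n = msg[pos]
        if n & 0xC0 == 0xC0:        # compression pointer ends the name
            return pos + 2
        pos += 1 + n
        if n == 0:
            return pos

def parse_message(msg):
    """Return (rcode, ecs); ecs is (family, source, scope, address) or None."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, ecs = 12, None
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        p, end = pos + 10, pos + 10 + rdlen
        while rtype == 41 and p + 4 <= end:   # walk the EDNS0 options
            code, olen = struct.unpack("!HH", msg[p:p + 4])
            if code == 8 and olen >= 4:
                family, source, scope = struct.unpack("!HBB", msg[p + 4:p + 8])
                raw = msg[p + 8:p + 4 + olen]
                addr = str(ipaddress.IPv4Address(raw.ljust(4, b"\0"))) if family == 1 else raw.hex()
                ecs = (family, source, scope, addr)
            p += 4 + olen
        pos = end
    return flags & 0x000F, ecs   # header RCODE only (extended RCODE bits ignored)

# Constructed sample: the query from the trace, and a reply echoing it with flags 0x8101.
QUERY = build_query(0x7613, "www.google.com", "172.19.9.210", 32)
RESPONSE = QUERY[:2] + struct.pack("!H", 0x8101) + QUERY[4:]

def upstream_rejects_ecs(query, response):
    """True when the reply to an ECS-bearing query is FORMERR (RCODE 1)."""
    return parse_message(query)[1] is not None and parse_message(response)[0] == 1
```
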