Home page logo
/

nanog logo nanog mailing list archives

Re: Common operational misconceptions
From: Daniel Griggs <daniel () fx net nz>
Date: Fri, 17 Feb 2012 10:23:30 +1300

Seems like dig doesn't always advertise a big enough buffer, I was having
the same issue as you. If you set the buffer size on the command line it
works as directed.

Daniels-Mac-mini:~ daniel$ dig edns-v4-ok.isc.org txt @149.20.64.58
;; Truncated, retrying in TCP mode.
;; Connection to 149.20.64.58#53(149.20.64.58) for
edns-v4-ok.isc.orgfailed: connection refused.
Daniels-Mac-mini:~ daniel$ dig edns-v4-ok.isc.org txt @149.20.64.58+bufsize=4096

; <<>> DiG 9.7.3-P3 <<>> edns-v4-ok.isc.org txt @149.20.64.58 +bufsize=4096
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18209
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;edns-v4-ok.isc.org.        IN    TXT

;; ANSWER SECTION:
edns-v4-ok.isc.org.    0    IN    TXT    "EDNS-4096-OK" "EDNS-4096-OK"
"EDNS-4096-OK" "EDNS-4096-OK" "EDNS-4096-OK" "EDNS-4096-OK"
<snip>
"EDNS-4"

;; Query time: 176 msec
;; SERVER: 149.20.64.58#53(149.20.64.58)
;; WHEN: Fri Feb 17 10:22:08 2012
;; MSG SIZE  rcvd: 4096




On 17 February 2012 05:53, Phil Regnauld <regnauld () nsrc org> wrote:

       Borderline dns-ops, sorry folks! - but this is interesting
       as we've been talking about ipv6 being operational, and this
       is part of it...

Mark Andrews (marka) writes:

If you are seeing TC between the resolver and the server and the TCP
query is being answers then
something in the path is intercepting the DNS queries.

        TC is on the answer from the remote server to my resolver, so
yeah, seems
       like something is messing with the packets.

    Don't see any v6 fragments (that'd be a problem since PF doesn't
handle
    them on this host).

You should see something like this on the wire.  The second query is to
answer
dig's query over TCP.

        I'm not seeing fragments as you are.

       Here's what I see:

14:40:20.955876 IP6 2001:2000:1080:d::2.64561 > 2001:4f8:0:2::8.53: 52841
TXT? edns-v6-ok.isc.org. (36)
14:40:21.141948 IP6 2001:4f8:0:2::8.53 > 2001:2000:1080:d::2.64561:
52841*-| 0/0/0 (36)
14:40:21.142259 IP6 2001:2000:1080:d::2.53262 > 2001:4f8:0:2::8.53: Flags
[S], seq 1112939462, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS
val 2571957531 ecr 0], length 0
14:40:21.327895 IP6 2001:4f8:0:2::8.53 > 2001:2000:1080:d::2.53262: Flags
[R.], seq 0, ack 1112939463, win 0, length 0

       Cheers,
       Phil




-- 
Daniel Griggs
Network Operations
e: daniel () fx net nz
d: +64 4 4989567


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault