Maintained by: NLnet Labs

[Unbound-users] Cannot resolve allianz.pl

Roy Arends
Wed Jul 29 19:46:04 CEST 2009


On Jul 29, 2009, at 4:16 PM, James Raftery wrote:

> On Wed, Jul 29, 2009 at 09:21:11AM -0400, Paul Wouters wrote:
>> [1248873376] libunbound[13422:0] debug: udp message[112:0]  
>> D7248410000100020000000107616C6C69616E7A02706C00000F000107616C6C69616E7A02706C00000F000100000E100014000505736D74703107616C6C69616E7A02706C0007616C6C69616E7A02706C00000F000100000E100014000505736D74703207616C6C69616E7A02706C00
>
> I also get the same (unbound 1.3.1 on FreeBSD). That packet received  
> from
> Allianz has ARCOUNT==1 in the header but there's no RR in the  
> additional
> section. I've captured it with tcpdump too and it's the same so  
> unbound isn't
> parsing it incorrectly.
>
> BTW, I get ``Warning: Message parser reports malformed message  
> packet.'' from
> dig if I do: dig @62.29.164.72 allianz.pl mx +dnssec

The server listening at 62.29.164.72 is broken. It suffers from a  
vulnerability that was known already in 2004: dns ping pong (a server  
responding to responses, not just to queries). Effectively, a single  
packet can take this one out.

http://www.uniras.gov.uk/vuls/2004/758884/index.htm

Kind regards,

Roy Arends
Sr. Researcher
Nominet UK