On Jul 29, 2009, at 4:16 PM, James Raftery wrote: > On Wed, Jul 29, 2009 at 09:21:11AM -0400, Paul Wouters wrote: >> [1248873376] libunbound[13422:0] debug: udp message[112:0] >> D7248410000100020000000107616C6C69616E7A02706C00000F000107616C6C69616E7A02706C00000F000100000E100014000505736D74703107616C6C69616E7A02706C0007616C6C69616E7A02706C00000F000100000E100014000505736D74703207616C6C69616E7A02706C00 > > I also get the same (unbound 1.3.1 on FreeBSD). That packet received > from > Allianz has ARCOUNT==1 in the header but there's no RR in the > additional > section. I've captured it with tcpdump too and it's the same so > unbound isn't > parsing it incorrectly. > > BTW, I get ``Warning: Message parser reports malformed message > packet.'' from > dig if I do: dig @62.29.164.72 allianz.pl mx +dnssec The server listening at 62.29.164.72 is broken. It suffers from a vulnerability that was known already in 2004: dns ping pong (a server responding to responses, not just to queries). Effectively, a single packet can take this one out. http://www.uniras.gov.uk/vuls/2004/758884/index.htm Kind regards, Roy Arends Sr. Researcher Nominet UK