In message <[EMAIL PROTECTED]>, "Linux Addict" writes:
> On Tue, Oct 21, 2008 at 6:24 PM, Mark Andrews <[EMAIL PROTECTED]> wrote:
> 
> >
> > In message <[EMAIL PROTECTED]>, "Linux Addict" writes:
> > > I get this error when I try to resolve some specific records. Anyone know
> > > what it means and how to resolve it?
> >
> >         You got a malformed packet.
> >
> > > ;; Got bad packet: bad label type
> > > 160 bytes
> > > 2b 3c 81 80 00 01 00 04 00 00 00 00 09 5f 6b 65
> >   id=11068
> >              questions=1
> >                    answers=4
> >                          authority=0
> >                                additional=0
> >                                         _kerberos.
> > > 72 62 65 72 6f 73 04 5f 75 64 70 05 49 54 57 45
> >                        _tcp.          ITWEB.
> > > 42 05 57 45 42 4d 44 03 4e 45 54 00 00 21 00 01
> >         WEBMD.            CET.        SRV   IN
> > > c0 0c 00 21 00 01 00 00 00 77 00 10 00 00 00 64 <------------------\
> >  compression point to offset 0x0c (_tcp.ITWEB.WEBMD.CET.)           |
> >        SRV   IN    119         16    0     100                      |
> > > 00 58 07 64 6e 79 64 63 30 32 c0 3f c0 0c 00 21                    |
> >   88       dnydc02.             compression pointer to offset 3f ----/
> >                         (which is 0x64, which is not a valid label).
> > > 00 01 00 00 00 77 00 10 00 00 00 64 00 58 07 64
> > > 6e 79 64 63 30 31 c0 3f c0 0c 00 21 00 01 00 00
> > > 00 77 00 10 00 00 00 64 00 58 07 64 6e 6a 64 63
> > > 30 32 c0 3f c0 0c 00 21 00 01 00 00 00 77 00 10
> > > 00 00 00 64 00 58 07 64 6e 6a 64 63 30 31 c0 3f
> > >
> > > Thanks
> > > LA
> > >
> > >
> > >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
> >
> 
> 
> This is awesome!! How did you decode it?

        The contents of a DNS packet are described in RFCs 1034 and
        1035.  It's a simple matter to just read the data.

> Now how do I fix it?

        You fix the server (usually that means upgrade) that sent
        you the response and/or any middle box (NAT/firewall) that
        mucked with the packet's contents.

        All the compression pointers in the SRV records are bad
        which rules out random packet corruption.  So you are looking
        at the software that wrote / re-wrote the DNS payload.

        Mark
> 
> Thanks, LA
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
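
Added example, not part of the original messages: a small Python decoder for the RFC 1035 name encoding, run over the 160-byte dump quoted above, that follows the compression pointer in each SRV target and reports the byte it lands on. The names `read_name` and `audit_srv` are hypothetical; the code assumes a single question and only inspects SRV answers, as in this packet.

```python
import struct
# The 160-byte response from the thread, copied from the quoted hex dump.
PKT = bytes.fromhex(
    "2b3c81800001000400000000095f6b65 726265726f73045f7564700549545745"
    "42055745424d44034e45540000210001 c00c0021000100000077001000000064"
    "005807646e7964633032c03fc00c0021 00010000007700100000006400580764"
    "6e7964633031c03fc00c002100010000 0077001000000064005807646e6a6463"
    "3032c03fc00c00210001000000770010 00000064005807646e6a64633031c03f"
)

def read_name(pkt, off):
    """Decode an RFC 1035 name at off; return (name, offset just past it)."""
    labels, end, seen = [], None, set()
    while True:
        if off >= len(pkt) or (pkt[off] >= 0xC0 and off + 1 >= len(pkt)):
            raise ValueError(f"name truncated at offset 0x{off:02x}")
        n = pkt[off]
        if n & 0xC0 == 0xC0:                      # top bits 11: compression pointer
            ptr = ((n & 0x3F) << 8) | pkt[off + 1]
            end = off + 2 if end is None else end  # caller resumes after the first pointer
            if ptr in seen:
                raise ValueError(f"compression loop at 0x{ptr:02x}")
            seen.add(ptr)
            off = ptr
        elif n & 0xC0:                            # top bits 01 or 10: not a length octet
            raise ValueError(f"bad label type 0x{n:02x} at offset 0x{off:02x}")
        elif n == 0:                              # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def audit_srv(pkt):
    """Return (question name, [(port, target-or-error)] for each SRV answer)."""
    an = struct.unpack_from("!H", pkt, 6)[0]      # ANCOUNT from the header
    qname, off = read_name(pkt, 12)
    off, results = off + 4, []                    # skip QTYPE/QCLASS (one question assumed)
    for _ in range(an):
        off = read_name(pkt, off)[1]              # owner name
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if rtype == 33:                           # SRV RDATA: priority, weight, port, target
            port = struct.unpack_from("!H", pkt, off + 4)[0]
            try:
                results.append((port, read_name(pkt, off + 6)[0]))
            except ValueError as e:
                results.append((port, f"ERROR: {e}"))
        off += rdlen                              # RDLENGTH steps past an undecodable name
    return qname, results
```

Calling `audit_srv(PKT)` returns the same error for all four SRV targets, which matches the observation above that every compression pointer in the SRV records is bad.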
