Public bug reported:

I have seen this problem repeatedly. It seems to be a problem with
Ubuntu 8.10, particularly the X64 version.

Most commonly seems to affect wireless connections using a local server
for DHCP and DNS lookup.

Symptom:
Although NetworkManager has properly configured the wireless interface, and 
correctly set up /etc/resolv.conf with the address of the router, DNS lookup 
just fails. ping etc. works, but only if you use the IP address (i.e., 
google.com=72.14.205.100)

Manually adding your ISP's nameserver to /etc/resolv.conf seems to fix
the problem (as far as getting you onto the internet) but it would
appear that this is in fact masking the underlying problem.

Using 'host google.com' as an example, this is the result of the dns
lookup request:

sudo tcpdump -i wlan0 -X -vvv -n -l -s 256 port 53
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 256 bytes
12:04:33.836997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP 
(17), length 56) 192.168.0.3.43626 > 192.168.0.1.53: [udp sum ok] 40938+ A? 
google.com. (28)
    0x0000:  4500 0038 0000 4000 4011 b960 c0a8 0003  e.....@.@..`....
    0x0010:  c0a8 0001 aa6a 0035 0024 200e 9fea 0100  .....j.5.$......
    0x0020:  0001 0000 0000 0000 0667 6f6f 676c 6503  .........google.
    0x0030:  636f 6d00 0001 0001                      com.....
12:04:33.839626 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP 
(17), length 72) 192.168.0.255.53 > 192.168.0.3.43626: [udp sum ok] 40938- q: 
A? google.com. 1/0/0 google.com. A 209.85.171.100 (44)
    0x0000:  4500 0048 0000 4000 4011 b852 c0a8 00ff  e.....@.@..R....
    0x0010:  c0a8 0003 0035 aa6a 0034 3b11 9fea 8100  .....5.j.4;.....
    0x0020:  0001 0001 0000 0000 0667 6f6f 676c 6503  .........google.
    0x0030:  636f 6d00 0001 0001 c00c 0001 0001 0000  com.............
    0x0040:  2710 0004 d155 ab64     

As can be seen, the return packet has a source address of
192.168.0.255 ... which is wrong, and the address resolution ignores it.

Doing the same query and trace on a different computer on the same network 
gives this result:
tcpdump: listening on ath0, link-type EN10MB (Ethernet), capture size 256 bytes
20:34:09.348011 IP (tos 0x0, ttl  64, id 16610, offset 0, flags [DF], proto: 
UDP (17), length: 56) 192.168.0.3.32774 > 192.168.0.1.53: [udp sum ok]  5070+ 
A? google.com. (28)
       0x0000:  4500 0038 40e2 4000 4011 787e c0a8 0003  e...@.@....@.x~....
       0x0010:  c0a8 0001 8006 0035 0024 d68e 13ce 0100  .......5.$......
       0x0020:  0001 0000 0000 0000 0667 6f6f 676c 6503  .........google.
       0x0030:  636f 6d00 0001 0001                      com.....
20:34:09.349927 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP 
(17), length: 72) 192.168.0.1.53 > 192.168.0.3.32774: [udp sum ok]  5070- q: A? 
google.com. 1/0/0 google.com. A 74.125.45.100 (44)
       0x0000:  4500 0048 0000 4000 4011 b950 c0a8 0001  e.....@.@..P....
       0x0010:  c0a8 0003 0035 8006 0034 f768 13ce 8100  .....5...4.h....
       0x0020:  0001 0001 0000 0000 0667 6f6f 676c 6503  .........google.
       0x0030:  636f 6d00 0001 0001 c00c 0001 0001 0000  com.............
       0x0040:  2710 0004 4a7d 2d64                      '...J}-d 

This works just fine; the return packet is properly formed.

It only appears to be a problem using the local router as a nameserver. Using 
the ISP's nameservers, you can see the packets being properly formed.

Just to add complexity to the problem, if you take the interface up and down a 
few times, the symptoms change.

It starts working after a fashion:

host returns a "malformed message packet" ... as can be seen from the
tcpdump trace below, the response packet is short:

 host -v google.com 192.168.0.1

Received 44 bytes from 192.168.0.1#53 in 10 ms
Trying "google.com"
;; Warning: Message parser reports malformed message packet.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34713
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN    AAAA

21:12:43.075041 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP 
(17), length 56) 192.168.0.8.34063 > 192.168.0.1.53: [udp sum ok] 34713+ AAAA? 
google.com. (28)
    0x0000:  4500 0038 0000 4000 4011 b95b c0a8 0008  e.....@.@..[....
    0x0010:  c0a8 0001 850f 0035 0024 5d9a 8799 0100  .......5.$].....
    0x0020:  0001 0000 0000 0000 0667 6f6f 676c 6503  .........google.
    0x0030:  636f 6d00 001c 0001                      com.....
21:12:43.080714 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP 
(17), length 56) 192.168.0.1.53 > 192.168.0.8.34063: [udp sum ok] 34713- q: 
AAAA? google.com. 1/0/0 [|domain]
    0x0000:  4500 0038 0000 4000 4011 b95b c0a8 0001  e.....@.@..[....
    0x0010:  c0a8 0008 0035 850f 0024 dd98 8799 8100  .....5...$......
    0x0020:  0001 0001 0000 0000 0667 6f6f 676c 6503  .........google.
    0x0030:  636f 6d00 001c 0001                      com.....

----------------
This appears to be a widespread problem; hopefully this will be of some help 
solving the underlying issue.

Robbie

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
dns packets malformed
https://bugs.launchpad.net/bugs/312399
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
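
Added example, not part of the original report: a check that flags the two reply defects visible in the traces above, a reply whose source is not the queried nameserver and a reply whose header promises an answer that is missing. The packet bytes are copied from the report's hex dumps; check_reply and the constant names are made up for this example.

```python
import socket
import struct

def check_reply(resolver_ip, pkt):
    """List the problems in one IPv4/UDP DNS reply, as a stub resolver would see them."""
    problems = []
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src_ip = socket.inet_ntoa(pkt[12:16])
    sport, _dport, udp_len, _csum = struct.unpack("!4H", pkt[ihl:ihl + 8])
    dns = pkt[ihl + 8:ihl + udp_len]               # DNS message only
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", dns[:12])
    if not flags & 0x8000:
        return ["not a response (QR bit clear)"]
    # Resolvers ignore replies that do not come from the address they queried.
    if (src_ip, sport) != (resolver_ip, 53):
        problems.append(f"reply from {src_ip}:{sport}, expected {resolver_ip}:53")
    # Skip the question section (uncompressed names, as in these captures),
    # then check that the answers promised by ANCOUNT are actually present.
    off = 12
    for _ in range(qdcount):
        while off < len(dns) and dns[off]:
            off += dns[off] + 1                    # one length-prefixed label
        off += 1 + 4                               # root label, QTYPE, QCLASS
    if ancount and off >= len(dns):
        problems.append(f"ANCOUNT={ancount} but message ends after the question")
    return problems

# Reply packets copied from the tcpdump hex dumps in the report.
WRONG_SRC = bytes.fromhex(   # first trace: reply sourced from 192.168.0.255
    "4500 0048 0000 4000 4011 b852 c0a8 00ff"
    "c0a8 0003 0035 aa6a 0034 3b11 9fea 8100"
    "0001 0001 0000 0000 0667 6f6f 676c 6503"
    "636f 6d00 0001 0001 c00c 0001 0001 0000"
    "2710 0004 d155 ab64")
GOOD = bytes.fromhex(        # second trace: other computer, same network
    "4500 0048 0000 4000 4011 b950 c0a8 0001"
    "c0a8 0003 0035 8006 0034 f768 13ce 8100"
    "0001 0001 0000 0000 0667 6f6f 676c 6503"
    "636f 6d00 0001 0001 c00c 0001 0001 0000"
    "2710 0004 4a7d 2d64")
SHORT = bytes.fromhex(       # third trace: AAAA reply cut off after the question
    "4500 0038 0000 4000 4011 b95b c0a8 0001"
    "c0a8 0008 0035 850f 0024 dd98 8799 8100"
    "0001 0001 0000 0000 0667 6f6f 676c 6503"
    "636f 6d00 001c 0001")

if __name__ == "__main__":
    for name, pkt in (("WRONG_SRC", WRONG_SRC), ("GOOD", GOOD), ("SHORT", SHORT)):
        print(name, check_reply("192.168.0.1", pkt) or "ok")
```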
