[Dnssec-trigger] A new kind of brokenness in Internet access
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Dec 29 07:30:38 UTC 2011
% dnssec-trigger-control status
at 2011-12-29 08:25:23
authority 192.228.79.201: OK
cache 192.168.1.1: error cannot disassemble reply: answer section incomplete
state: auth secure
And, indeed, the answer is mangled:
% dig +dnssec @192.168.1.1 DNSKEY .
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.7.3 <<>> +dnssec @192.168.1.1 DNSKEY .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24575
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: Messages has 62 extra bytes at end
;; QUESTION SECTION:
;. IN DNSKEY
;; ANSWER SECTION:
. 31438 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
. 31438 IN DNSKEY 256 3 8 AwEAAZ/NErKzyMlImJ+2HTmK9qeH2sLUywlsF+mJbTP5GKoYFHoU2vn2 Zqr261Lk7a6jfBKYny5GX7BDRJcVvig36TgOinE9QP5KVS0RxdrOl98g KLwFMORfNf/wjCwjPdEl1GgaGYl0npJ4c+x+o6aa/xmDKJo9zUlpvb7B LxbJ7HwF
;; Query time: 37 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 29 08:26:14 2011
;; MSG SIZE rcvd: 512
dnssec-trigger 0.8 deals correctly with it.
(Belgacom broadband access in a home in Brussels.)
More information about the dnssec-trigger
mailing list