[Unbound-users] Cannot resolve allianz.pl

Roy Arends roy at dnss.ec
Wed Jul 29 17:46:04 UTC 2009

On Jul 29, 2009, at 4:16 PM, James Raftery wrote:

> On Wed, Jul 29, 2009 at 09:21:11AM -0400, Paul Wouters wrote:
>> [1248873376] libunbound[13422:0] debug: udp message[112:0]  
>> D7248410000100020000000107616C6C69616E7A02706C00000F000107616C6C69616E7A02706C00000F000100000E100014000505736D74703107616C6C69616E7A02706C0007616C6C69616E7A02706C00000F000100000E100014000505736D74703207616C6C69616E7A02706C00
> I also get the same (unbound 1.3.1 on FreeBSD). That packet received  
> from
> Allianz has ARCOUNT==1 in the header but there's no RR in the  
> additional
> section. I've captured it with tcpdump too and it's the same so  
> unbound isn't
> parsing it incorrectly.
> BTW, I get ``Warning: Message parser reports malformed message  
> packet.'' from
> dig if I do: dig @ allianz.pl mx +dnssec

The server listening at is broken. It suffers from a  
vulnerability that was known already in 2004: dns ping pong (a server  
responding to responses, not just to queries). Effectively, a single  
packet can take this one out.


Kind regards,

Roy Arends
Sr. Researcher
Nominet UK

More information about the Unbound-users mailing list