[Unbound-users] Cannot resolve allianz.pl
Roy Arends
roy at dnss.ec
Wed Jul 29 17:46:04 UTC 2009
On Jul 29, 2009, at 4:16 PM, James Raftery wrote:
> On Wed, Jul 29, 2009 at 09:21:11AM -0400, Paul Wouters wrote:
>> [1248873376] libunbound[13422:0] debug: udp message[112:0]
>> D7248410000100020000000107616C6C69616E7A02706C00000F000107616C6C69616E7A02706C00000F000100000E100014000505736D74703107616C6C69616E7A02706C0007616C6C69616E7A02706C00000F000100000E100014000505736D74703207616C6C69616E7A02706C00
>
> I also get the same (unbound 1.3.1 on FreeBSD). That packet received
> from
> Allianz has ARCOUNT==1 in the header but there's no RR in the
> additional
> section. I've captured it with tcpdump too and it's the same so
> unbound isn't
> parsing it incorrectly.
>
> BTW, I get ``Warning: Message parser reports malformed message
> packet.'' from
> dig if I do: dig @62.29.164.72 allianz.pl mx +dnssec
The server listening at 62.29.164.72 is broken. It suffers from a
vulnerability that was known already in 2004: dns ping pong (a server
responding to responses, not just to queries). Effectively, a single
packet can take this one out.
http://www.uniras.gov.uk/vuls/2004/758884/index.htm
Kind regards,
Roy Arends
Sr. Researcher
Nominet UK
More information about the Unbound-users
mailing list