[dns-operations] last call on dnscap

Tyler Reguly ht at computerdefense.org
Wed May 16 16:28:49 UTC 2007


uname -a output
htregz at iMac:~$ uname -a
Linux iMac 2.6.15-28-powerpc #1 Tue Mar 13 20:52:09 UTC 2007 ppc GNU/Linux


On 5/16/07, Tyler Reguly <ht at computerdefense.org> wrote:
> Sorry for the delay in responding
>
> The error is easily reproduced just using nslookup
>
> root at iMac:/home/htregz/dnscap# ./dnscap -c2 -g
> ;@ 2007-05-16 11:18:32.826504 - 53 octets via "some interface" (msg #1)
> ;: [192.168.2.50]:1090 -> [192.168.1.1]:53
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17967
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      imac.lndn.phub.net.cable.rogers.com, type = A, class = IN
> ;--
> ;@ 2007-05-16 11:18:32.843609 - 22 octets via "some interface" (msg #2)
> ;: [192.168.2.50]:1090 -> [192.168.1.1]:53
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54043
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      imac, type = A, class = IN
> ;--
> root at iMac:/home/htregz/dnscap# ./dnscap -c2 -g
> ;@ 2007-05-16 11:18:47.651893 - 31 octets via "some interface" (msg #1)
> ;: [192.168.2.50]:1090 -> [192.168.1.1]:53
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60248
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      www.google.ca, type = A, class = IN
> ;--
> ;@ 2007-05-16 11:18:47.654775 - 157 octets via "some interface" (msg #2)
> ;: [192.168.1.1]:53 -> [192.168.2.50]:1090
> ;; ns_initparse: Message too long
> ;--
>
>
>
>
> On 5/14/07, Paul Vixie <paul at vix.com> wrote:
> > > I emailed in with my problem before... the error was based on
> > > comparison always being true... A colleague of mine (C developer
> > > solved the problem) one that you may encounter in other cases.
> > >
> > > In the parse_args function... ch is defined as a char, in order to
> > > compile properly, we had to define char as an int.
> >
> > anoncvs has this fix on board, the tarball did not, fixed now.
> >
> > > Now it runs... However I ran into an interesting error... I connected
> > > to ssh while dnscap was running... the following occurred:
> > >
> > > ;@ 2007-05-14 19:38:01.825893 - 44 octets via "some interface" (msg #1)
> > > ;: [192.168.2.50]:1087 -> [192.168.1.1]:53
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22475
> > > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > > ;;      XX.XX.XX.XX.in-addr.arpa, type = PTR, class = IN
> > > ;--
> > > ;@ 2007-05-14 19:38:01.829034 - 89 octets via "some interface" (msg #2)
> > > ;: [192.168.1.1]:53 -> [192.168.2.50]:1087
> > > ;; ns_initparse: Message too long
> > > ;--
> >
> > make sure your version is up to date and then if this still doesn't work,
> > send your "uname -a" output.
> >
>
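
The `char` versus `int` change discussed in the quoted exchange matters on a ppc host like the one in the `uname -a` output because plain `char` is unsigned on Linux/PowerPC, so it can never hold the -1 that getopt() returns when the options run out. The following is an added example, not dnscap's source and not code from this thread: it assumes the usual getopt() loop idiom, the function names, option string and `MAX_CALLS` bound are hypothetical, and `unsigned char` stands in for PowerPC's plain `char` so the effect shows on any platform.

```c
/* Added example, not dnscap source: a constructed stand-in for an option loop. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declare getopt() under strict -std modes */
#endif
#include <stdio.h>
#include <unistd.h>

#define MAX_CALLS 16   /* hypothetical safety bound so the broken loop stops here */

/* Constructed command line, mirroring the "./dnscap -c2 -g" run in the post. */
static char *sample_argv[] = { "dnscap", "-c2", "-g", NULL };
static const int sample_argc = 3;

/* Correct: getopt() returns int, so the -1 end marker survives the assignment. */
int count_options_int(void)
{
    int ch, calls = 0;

    optind = 1;   /* restart scanning at argv[1] */
    opterr = 0;   /* no diagnostics on stderr */
    while (calls < MAX_CALLS && (ch = getopt(sample_argc, sample_argv, "c:g")) != -1)
        calls++;
    return calls; /* one per option: -c and -g */
}

/* Broken: unsigned char models plain char as it behaves on Linux/PowerPC. */
int count_options_uchar(void)
{
    unsigned char ch;
    int calls = 0;

    optind = 1;
    opterr = 0;
    /* -1 is truncated to 255; promoted back to int it never equals -1. */
    while (calls < MAX_CALLS && (ch = getopt(sample_argc, sample_argv, "c:g")) != -1)
        calls++;
    return calls; /* only the safety bound ended the loop */
}

int main(void)
{
    printf("int ch:           %d getopt() results consumed\n", count_options_int());
    printf("unsigned char ch: %d (stopped by MAX_CALLS)\n", count_options_uchar());
    return 0;
}
```

Compilers report the second loop's condition as a comparison that is always true; without the bound it would never exit.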


