[dnscap-users] dnscap returns "Message too long"

Wessels, Duane dwessels at verisign.com
Thu Feb 25 16:42:01 UTC 2016


Hello Shawn,

The message is coming from this part of the dnscap source code in file dump_dns.c:

    if (ns_initparse(payload, paylen, &msg) < 0) {
            fputs(strerror(errno), trace);
            return;
    }


So ns_initparse() is returning an error and setting errno = EMSGSIZE.

Here is one place that you can view the ns_initparse() source code, and you can see that it would return EMSGSIZE in some cases:

https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/ns_parse.c;h=712469be1d88c58ad475a432c0468a00b35818fe;hb=refs/heads/release/2.23/master

DW



> On Feb 24, 2016, at 1:52 PM, Shawn Zhou <shawnzhou00 at yahoo.com> wrote:
> 
> Has anyone seen "Message too long" in dnscap output before?
> I wonder where dnscap gets "Message too long" from.
> 
> From dnscap:
> [179] 2016-02-24 18:49:13.195337 [#5936 "some interface" 4095] \
>         [10.145.50.95].53 [10.73.201.188].10074  \
>         dns QUERY,NOERROR,52303,qr|rd|ra \
>         1 pixel2368.everesttech.net,IN,AAAA \
>         1 pixel2368.everesttech.net,IN,CNAME,64,tp00.everesttech.net.akadns.net \
>         1 akadns.net,IN,SOA,19,internal.akadns.net,hostmaster.akamai.com,1456339592,90000,90000,90000,180 0
> [513] 2016-02-24 18:49:13.195401 [#5937 "some interface" 4095] \
>         [10.145.50.95].53 [10.73.201.188].23275  \
>         dns Message too long
> [73] 2016-02-24 18:49:13.195566 [#5938 "some interface" 4095] \
>         [216.145.54.155].26802 [10.145.50.95].53  \
>         dns QUERY,NOERROR,62586,rd \
> 
> tcpdump did show that 10.145.50.95 sent the response to 10.73.201.188:
> 18:49:13.195291 IP 10.73.201.188.10074 > 10.145.50.95.53: 52303+ AAAA? pixel2368.everesttech.net. (43)
> 18:49:13.195294 IP 10.145.50.95.53 > 10.73.201.188.51695: 37426 10/10/2 CNAME akamai-pixel.quantserve.com.akadns.net., CNAME px-lax007.quantserve.com.akadns.net., A 64.95.32.44, A 64.95.32.36, A 64.95.32.22, A 64.95.32.23, A 64.95.32.29, A 64.95.32.39, A 64.95.32.47, A 64.95.32.34 (498)
> 18:49:13.195299 IP 10.145.50.95.53 > 10.73.201.188.27723: 63678 2/1/0 CNAME akamai-pixel.quantserve.com.akadns.net., CNAME px-lax007.quantserve.com.akadns.net. (177)
> 18:49:13.195337 IP 10.145.50.95.53 > 10.73.201.188.10074: 52303 1/1/0 CNAME tp00.everesttech.net.akadns.net. (151)
> 18:49:13.195401 IP 10.145.50.95.53 > 10.73.201.188.23275: 58794 2/10/10 CNAME tp00.everesttech.net.akadns.net., A 192.243.232.36 (485)
> _______________________________________________
> dnscap-users mailing list
> dnscap-users at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dnscap-users
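Added example (not part of the original thread, and not dnscap or glibc code): a simplified stand-in for the kind of length checks that make a parser such as ns_initparse() fail with EMSGSIZE, whose strerror() text is "Message too long". It fails when the buffer is shorter than a DNS header, when a record counted in the header runs past the end of the buffer, or when bytes are left over after the last counted record. The names dns_framing_check, skip_name and emsgsize are hypothetical, and SAMPLE is a constructed message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: response for a.example with one A record (192.0.2.1). */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,          /* header: qd=1 an=1 ns=0 ar=0 */
    1,'a', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1, /* question: type A, class IN */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1      /* answer: pointer, TTL, rdlen, rdata */
};
static int emsgsize(void) { errno = EMSGSIZE; return -1; }
/* Skip one (possibly compressed) name; returns bytes consumed or -1. */
static int skip_name(const uint8_t *p, const uint8_t *eom) {
    const uint8_t *start = p;
    while (p < eom) {
        uint8_t n = *p++;
        if (n == 0) return (int)(p - start);            /* root label ends the name */
        if ((n & 0xC0) == 0xC0) return p < eom ? (int)(p + 1 - start) : -1;
        if ((n & 0xC0) || n > eom - p) return -1;       /* reserved type or label cut off */
        p += n;
    }
    return -1;
}

/* Hypothetical checker: 0 when header counts and records exactly fill len bytes. */
int dns_framing_check(const uint8_t *msg, size_t len) {
    if (len < 12) return emsgsize();                    /* shorter than a DNS header */
    const uint8_t *p = msg + 12, *eom = msg + len;
    for (int sect = 0; sect < 4; sect++) {              /* qd, an, ns, ar */
        unsigned count = (unsigned)(msg[4 + 2 * sect] << 8 | msg[5 + 2 * sect]);
        while (count--) {
            int n = skip_name(p, eom);
            if (n < 0 || eom - p < n + 4) return emsgsize();
            p += n + 4;                                 /* name, type, class */
            if (sect == 0) continue;                    /* questions have no TTL/rdata */
            if (eom - p < 6) return emsgsize();
            size_t rdlen = (size_t)(p[4] << 8 | p[5]);
            p += 6;                                     /* TTL, rdlength */
            if ((size_t)(eom - p) < rdlen) return emsgsize();
            p += rdlen;
        }
    }
    return p == eom ? 0 : emsgsize();                   /* leftover bytes also fail */
}

int main(void) {
    printf("intact=%d cut=%d\n", dns_framing_check(SAMPLE, sizeof SAMPLE), dns_framing_check(SAMPLE, sizeof SAMPLE - 3));
    return 0;
}
```

Running the same check over the DNS payload of a frame that dnscap reports as "Message too long" shows which of the three conditions the packet trips.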



