[dnscap-users] dnscap returns "Message too long"
Shawn Zhou
shawnzhou00 at yahoo.com
Thu Feb 25 17:09:36 UTC 2016
Awesome. Thanks for the quick response!
On Thursday, February 25, 2016 8:42 AM, "Wessels, Duane" <dwessels at verisign.com> wrote:
Hellow Shawn,
The message is coming from this part of the dnscap source code in file dump_dns.c:
99 if (ns_initparse(payload, paylen, &msg) < 0) {
100 fputs(strerror(errno), trace);
101 return;
102 }
so ns_initparse() is returning an error and setting errno = EMSGSIZE;
Here is one place that you can view the ns_initparse() source code, and you can see that it would return EMSGSIZE in some cases:
https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/ns_parse.c;h=712469be1d88c58ad475a432c0468a00b35818fe;hb=refs/heads/release/2.23/master
DW
> On Feb 24, 2016, at 1:52 PM, Shawn Zhou <shawnzhou00 at yahoo.com> wrote:
>
> Have anyone seen "Message too long" in dnscap output before?
> I wonder where dnscap gets "Message too long" from.
>
> From dnscap:
> [179] 2016-02-24 18:49:13.195337 [#5936 "some interface" 4095] \
> [10.145.50.95].53 [10.73.201.188].10074 \
> dns QUERY,NOERROR,52303,qr|rd|ra \
> 1 pixel2368.everesttech.net,IN,AAAA \
> 1 pixel2368.everesttech.net,IN,CNAME,64,tp00.everesttech.net.akadns.net \
> 1 akadns.net,IN,SOA,19,internal.akadns.net,hostmaster.akamai.com,1456339592,90000,90000,90000,180 0
> [513] 2016-02-24 18:49:13.195401 [#5937 "some interface" 4095] \
> [10.145.50.95].53 [10.73.201.188].23275 \
> dns Message too long
> [73] 2016-02-24 18:49:13.195566 [#5938 "some interface" 4095] \
> [216.145.54.155].26802 [10.145.50.95].53 \
> dns QUERY,NOERROR,62586,rd \
>
> tcpdump did show that 10.145.50.95 sent the response to 10.73.201.188:
> 18:49:13.195291 IP 10.73.201.188.10074 > 10.145.50.95.53: 52303+ AAAA? pixel2368.everesttech.net. (43)
> 18:49:13.195294 IP 10.145.50.95.53 > 10.73.201.188.51695: 37426 10/10/2 CNAME akamai-pixel.quantserve.com.akadns.net., CNAME px-lax007.quantserve.com.akadns.net., A 64.95.32.44, A 64.95.32.36, A 64.95.32.22, A 64.95.32.23, A 64.95.32.29, A 64.95.32.39, A 64.95.32.47, A 64.95.32.34 (498)
> 18:49:13.195299 IP 10.145.50.95.53 > 10.73.201.188.27723: 63678 2/1/0 CNAME akamai-pixel.quantserve.com.akadns.net., CNAME px-lax007.quantserve.com.akadns.net. (177)
> 18:49:13.195337 IP 10.145.50.95.53 > 10.73.201.188.10074: 52303 1/1/0 CNAME tp00.everesttech.net.akadns.net. (151)
> 18:49:13.195401 IP 10.145.50.95.53 > 10.73.201.188.23275: 58794 2/10/10 CNAME tp00.everesttech.net.akadns.net., A 192.243.232.36 (485)
> _______________________________________________
> dnscap-users mailing list
> dnscap-users at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dnscap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dnscap-users/attachments/20160225/7d74f44f/attachment.html>
More information about the dnscap-users
mailing list