VirtualBox

Ticket #7711 (closed defect: obsolete)

Opened 3 years ago

Last modified 7 weeks ago

NAT networking corrupts EDNS0 packets

Reported by: zmichl Owned by:
Priority: major Component: network/NAT
Version: VirtualBox 3.2.10 Keywords: edns0
Cc: zbynek.michl@… Guest type: Linux
Host type: Linux

Description (last modified by frank) (diff)

Hello,

I have VirtualBox running on Linux, host is Debian, guest Ubuntu and NAT network adapter. When I try to ask my DNS resolver with EDNS0, reply packet from resolver is corrupted in some cases (when packet is larger than cca 1500 bytes). Bridge networking works correctly.

dig answer using NAT:

$ dig +edns=0 nic.cz ANY @217.31.204.130
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8960
;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 8
;; WARNING: Messages has 10 extra bytes at end

;; QUESTION SECTION:
;nic.cz.				IN	ANY

;; ANSWER SECTION:
nic.cz.			108	IN	SOA	a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200
nic.cz.			108	IN	RRSIG	SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A=
nic.cz.			1667	IN	NS	a.ns.nic.cz.
nic.cz.			1667	IN	NS	b.ns.nic.cz.
nic.cz.			1667	IN	NS	d.ns.nic.cz.
nic.cz.			1667	IN	RRSIG	NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4=
nic.cz.			749	IN	A	217.31.205.50
nic.cz.			749	IN	RRSIG	A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA=
nic.cz.			749	IN	MX	10 mail.nic.cz.
nic.cz.			749	IN	MX	15 mail4.nic.cz.
nic.cz.			749	IN	MX	20 mx.cznic.org.
nic.cz.			749	IN	MX	30 bh.nic.cz.
nic.cz.			749	IN	RRSIG	MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE=
nic.cz.			749	IN	AAAA	2001:1488:0:3::2
nic.cz.			749	IN	RRSIG	AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw=
nic.cz.			7173	IN	NSEC	6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nic.cz.			7173	IN	RRSIG	NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg=
nic.cz.			2549	IN	DNSKEY	256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos=

;; Query time: 2 msec
;; SERVER: 217.31.204.130#53(217.31.204.130)
;; WHEN: Wed Nov 10 12:46:19 2010
;; MSG SIZE  rcvd: 1458

dig answer using bridge networking (packet is OK):

$ dig +edns=0 nic.cz ANY @217.31.204.130

; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46077
;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nic.cz.				IN	ANY

;; ANSWER SECTION:
nic.cz.			1800	IN	SOA	a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200
nic.cz.			1800	IN	RRSIG	SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A=
nic.cz.			1800	IN	NS	b.ns.nic.cz.
nic.cz.			1800	IN	NS	a.ns.nic.cz.
nic.cz.			1800	IN	NS	d.ns.nic.cz.
nic.cz.			1800	IN	RRSIG	NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4=
nic.cz.			1800	IN	A	217.31.205.50
nic.cz.			1800	IN	RRSIG	A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA=
nic.cz.			1800	IN	MX	10 mail.nic.cz.
nic.cz.			1800	IN	MX	15 mail4.nic.cz.
nic.cz.			1800	IN	MX	20 mx.cznic.org.
nic.cz.			1800	IN	MX	30 bh.nic.cz.
nic.cz.			1800	IN	RRSIG	MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE=
nic.cz.			1800	IN	AAAA	2001:1488:0:3::2
nic.cz.			1800	IN	RRSIG	AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw=
nic.cz.			7200	IN	NSEC	6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nic.cz.			7200	IN	RRSIG	NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg=
nic.cz.			3600	IN	DNSKEY	257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw==
nic.cz.			3600	IN	DNSKEY	256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos=
nic.cz.			3600	IN	DNSKEY	257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc=
nic.cz.			3600	IN	RRSIG	DNSKEY 5 2 3600 20101119010305 20101105010305 27979 nic.cz. Q3QgfuTgPzcY1FdtkZ7nL1nDPbTd+LWJ+PPjqQlZNCF+BVHf8W3rfzN5 hhf8JEx+ewlmZNoDtIE0OZ2Ua838RKb79EqJgZGjVoLFEA7JoI54dX+y exRvrt1l/XMXOwCOK4ItdGdfAQ7+U2qrXHQ7azY1FcrNUqMK62bNUQgn 3HKYP57fYTeX8kg2RNZxJmJwCnEvxxL4l5yT1LaTaYfhPWPqXS0hiG1z eIEpXbfKZTWVFEmQWi7AEKch/Uux1YL5fVdov/L8KHlQHVF6/YRqOp6e eYLln3GttDbqzQ2b1p5Drs2xrDWltmqWXT9bv4zEuLbIAhpbxRM9c6iq sBRXCw==
nic.cz.			3600	IN	RRSIG	DNSKEY 5 2 3600 20101119010305 20101105010305 59916 nic.cz. QSRvNDGapwSC5y8m8liJjK0IFASV21kC8VqVYjanzerlEqrQ2hLvHqpF X37VjZ36Rvti22EnwCSVneuxy9qstenI11S2Og98E86x35lwXcxk+ze6 JmMvr24khI0XYFNlgYi5OZ47ugPibADD8rdxD9JG8LA3C5wifc+UO2lq wyOTv8MUwFHqazsLHN2/hMDznkCnldPWbyLXHtYsUFMVWX14nuDCevAU heqJDW7nKjeV8AfCpBrY7TZcPR1lIktlq+VIOO4OSSU0SqqI4mXZiG5O 9CE8u/XOfFk93z7iupkP6ktL0LyDOM9cGiY36y6n9r9KwSdxe8iP5g4T 7sy/Lw==
nic.cz.			3600	IN	RRSIG	DNSKEY 5 2 3600 20101119010305 20101105010305 60479 nic.cz. UAwYv6Uz8UW+jpJ2Rq3pkAp2Tmh+uKte25EtxIGlMI6UKY78LwOYQsL4 ODUmb0xHa9Ut2yCCCykdZKswsIFCc8j6gzlBIrPSBzXu34w49fzNUdnh KaPmlbhnhTbQa505hjXv6fEjf8rhNnHyDFcc2h+XJ2/q8NiU5BnEDTXi +ec=

;; ADDITIONAL SECTION:
a.ns.nic.cz.		1800	IN	A	194.0.12.1
a.ns.nic.cz.		1800	IN	AAAA	2001:678:f::1
b.ns.nic.cz.		1800	IN	A	194.0.13.1
b.ns.nic.cz.		1800	IN	AAAA	2001:678:10::1
d.ns.nic.cz.		1800	IN	A	193.29.206.1
d.ns.nic.cz.		1800	IN	AAAA	2001:678:1::1

;; Query time: 13 msec
;; SERVER: 217.31.204.130#53(217.31.204.130)
;; WHEN: Wed Nov 10 12:49:03 2010
;; MSG SIZE  rcvd: 2887

I am attaching files with captured network traffic (both NAT and bridge).

Regards,
Zbynek

Attachments

VBox.log Download (43.4 KB) - added by zmichl 3 years ago.
edns0-nat.pcap Download (1.6 KB) - added by zmichl 3 years ago.
edns0-bridge.pcap Download (1.5 KB) - added by zmichl 3 years ago.
VBox-4.0.0b1.log Download (42.7 KB) - added by zmichl 3 years ago.
dump-nat.pcap Download (9.2 KB) - added by zmichl 3 years ago.
Dump with no DNS answer

Change History

Changed 3 years ago by zmichl

Changed 3 years ago by zmichl

Changed 3 years ago by zmichl

comment:1 Changed 3 years ago by Hachiman

Thanks, for reporting. I was able reproduce it locally.

comment:2 Changed 3 years ago by Hachiman

Could you please verify that 4.0.0 b1 fixes issue for you?

comment:3 Changed 3 years ago by zmichl

Not really. Now dig cannot get any reply:

$ dig +edns=0 nic.cz ANY @217.31.204.130

; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130
;; global options: +cmd
;; connection timed out; no servers could be reached

However, when I ask VirtualBox's DNS proxy, it answers correctly now:

$ dig +edns=0 nic.cz ANY @10.0.4.2

; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @10.0.4.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8269
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 3, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nic.cz.				IN	ANY

;; ANSWER SECTION:
nic.cz.			1407	IN	RRSIG	NS 5 2 1800 20101216130302 20101202130302 60479 nic.cz. FHaZF5yTYdzrmQzWiIynSO7R/tdoyrojOAx3Q+aRSErK4SMTp1HrcWGL I6XVF8Nqn4yG4jbrQ/HLkBEcae0AAkE7ega7bjb4xr2hblSQuuyzhW4d qfnZOvHFg9ER+TnADeTzvuMxgjAXuJxRFPN90R26LLWeH0C8tyXfZpOA 0yc=
nic.cz.			1407	IN	NS	d.ns.nic.cz.
nic.cz.			1407	IN	NS	a.ns.nic.cz.
nic.cz.			1407	IN	NS	b.ns.nic.cz.
nic.cz.			7857	IN	RRSIG	DS 10 2 18000 20101216173424 20101203010610 14863 cz. HO9rjgLjo8rfFelICvutqOTnfPDkOLW9t0aafkBkFa2nzlG0/jn3FfeG xnNPnBPhJleb2t7NEPJOU3T78MscXfxcAK5sMv1ohCuLgYt/N6bIJ9px hSn0jYcO3s/NDTd8oOuphUXMDjMYwGP8OlOF1mnjHTO2EpH7HeXMmKYb 6C4=
nic.cz.			7857	IN	DS	59916 5 1 144130216E45C4EC2BB8595E817916E8B060D87B
nic.cz.			7857	IN	DS	27979 5 1 FF11E740A0254EC63C738A47E52ABF3AD91D8C43
nic.cz.			1265	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 27979 nic.cz. YAoVdVm+qOQiF1lFird0Ae1VkRWHp/nrr7wzt0h0fpLePVu7IsvY58Dk 99CD9+w7A1+UyR1k/b33bjQ6ZZirjFZiA+TDikghImEdk3QwPUxkuxka o1l8ddqGPBkSvGlyPwN2df4CCKPogtmNIpL3a/+A/SLeQYp3GjjLzqIC o1u6xl4jsloT3H0ZIeLE+OojDbfHGTSu/jf6rXvUWOtSAaHtIE2wSg/R s+V4ERcVJI3AousuR30cbHcvLnPV2RyWKsEBhbG2LNJJLHmRg3Mr62Z9 kOu5YWotqCbYe30f1CaUyEfHZK1RMbU5KnkW5uCAN3whUeFW3/LUp11k Dc36kw==
nic.cz.			1265	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 59916 nic.cz. Ij66rfTN5uiZG5uu8E7QLm/wNX+UrsZtcX6Rnu0K1l/v1ZfcbpE9UUp3 HDYzLlvvxCMOG6BTHhx5yxbNRhm+OvSPQhyvI5MO04mNXXQ2dH9a/Oax 3vzcuzFAqThlXJLkc0eODcIPnfx60mhFMiYt5hUTLxvL4xT0b9b47j5M 13KjFgTvlUnyMIE0BI/UzESe//aM8zrGeoFWoQFBmcGap+Yxt8L8Wefv k5y879PJQOyAGJ6fBoFctXj9PKrWFWr08BQuhsR+hk6g89jerejASpeE YWoyIT5BtKlwK8A2IrJIjRUEVoifWWqrMODKZlrdlsNtVAWGgxg9Vi0k +v6eYQ==
nic.cz.			1265	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 60479 nic.cz. Qf6J/dewL3mGfk2dp7/A/9eUoXRx2FxIYpdEoGZHRhbATH0xOXbb8K74 EDejIqlekuyqH/wolbiaMdM43DWUKeRurSFQUWr+6Ao9bub0H9idAG6+ mtgGzV8XR3z3GLkKz7BvgT8UpDd7YkXScGa2rLBe4zY0hFxtuPXMTHX1 Bwk=
nic.cz.			1265	IN	DNSKEY	256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos=
nic.cz.			1265	IN	DNSKEY	257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc=
nic.cz.			1265	IN	DNSKEY	257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw==
nic.cz.			6055	IN	RRSIG	NSEC 5 2 7200 20101216130302 20101202130302 60479 nic.cz. MCS/PApTt2d2gjvmdebBMRTQpb8zPBFW5SwFB2T95Kt2ap64KYLF4jiG PtxjtEVBSg2p19qV7QApqKTKYVXTieIy7v78+g9z3EzbdTsXYIbHkln2 2fAswPdDwKSmboTyWk2I4XLXbzA0LeO2qcbN6CMS8p3aBp4OhdOb9DyQ MPc=
nic.cz.			6055	IN	NSEC	6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY

;; AUTHORITY SECTION:
nic.cz.			1407	IN	NS	d.ns.nic.cz.
nic.cz.			1407	IN	NS	a.ns.nic.cz.
nic.cz.			1407	IN	NS	b.ns.nic.cz.

;; ADDITIONAL SECTION:
a.ns.nic.cz.		1407	IN	A	194.0.12.1
a.ns.nic.cz.		1407	IN	AAAA	2001:678:f::1
b.ns.nic.cz.		1407	IN	A	194.0.13.1
b.ns.nic.cz.		1407	IN	AAAA	2001:678:10::1
d.ns.nic.cz.		1407	IN	A	193.29.206.1
d.ns.nic.cz.		1407	IN	AAAA	2001:678:1::1

;; Query time: 1 msec
;; SERVER: 10.0.4.2#53(10.0.4.2)
;; WHEN: Tue Dec  7 15:27:54 2010
;; MSG SIZE  rcvd: 2318

I am attaching VB log file and pcap with network traffic (semms to be an IP fragmentation issue).

Regards,
Zbynek

Changed 3 years ago by zmichl

Changed 3 years ago by zmichl

Dump with no DNS answer

comment:4 Changed 3 years ago by Hachiman

thanks for feeback.

comment:5 Changed 3 years ago by Hachiman

Interesting here I have similar issue with the exception that I have valid out put from 8.8.8.8 (google dns)

vbox@vbox-VirtualBox:~$ dig +edns=0 nic.cz ANY @217.31.204.130

; <<>> DiG 9.7.1-P2 <<>> +edns=0 nic.cz ANY @217.31.204.130
;; global options: +cmd
;; connection timed out; no servers could be reached

with google dns.

vbox@vbox-VirtualBox:~$ dig +edns=0 nic.cz ANY @8.8.8.8
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.7.1-P2 <<>> +edns=0 nic.cz ANY @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57099
;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;nic.cz.				IN	ANY

;; ANSWER SECTION:
nic.cz.			1605	IN	SOA	a.ns.nic.cz. hostmaster.nic.cz. 1291298582 10800 3600 1209600 7200
nic.cz.			1605	IN	RRSIG	SOA 5 2 1800 20101216130302 20101202130302 60479 nic.cz. XafSEHctdakQu2aX+iTToa99FmZkC+LkN1Mrxu9GvMf3XwY140yKUzdE RFRB/r6gg5pW9Hs9scmVB8i+OF38aZ6grIobaL//VAI++SWVGHPRU2l/ eYt7SDkxCMvTIQ36aF4eKA24fgWv97bQlvFN9xyvXxJ+K3k/zPccQ/uf Pa4=
nic.cz.			1605	IN	NS	d.ns.nic.cz.
nic.cz.			1605	IN	NS	b.ns.nic.cz.
nic.cz.			1605	IN	NS	a.ns.nic.cz.
nic.cz.			1605	IN	RRSIG	NS 5 2 1800 20101216130302 20101202130302 60479 nic.cz. FHaZF5yTYdzrmQzWiIynSO7R/tdoyrojOAx3Q+aRSErK4SMTp1HrcWGL I6XVF8Nqn4yG4jbrQ/HLkBEcae0AAkE7ega7bjb4xr2hblSQuuyzhW4d qfnZOvHFg9ER+TnADeTzvuMxgjAXuJxRFPN90R26LLWeH0C8tyXfZpOA 0yc=
nic.cz.			1605	IN	A	217.31.205.50
nic.cz.			1605	IN	RRSIG	A 5 2 1800 20101216130302 20101202130302 60479 nic.cz. dyEm4+myMIwewJKB0c0hAf0jEb18fAZM/ZZCK4CuqbhzFc2uN+KkZ3m2 y5w358HCMzlKvjRSoCyqivywyCZaFoOlD3umpkP9f44WDIRiZo61XwEN 8BWvUteeLzQCWyypTTNEuyPLBft6Ol3+f7xrd6L09psTr2zO9dd0Um2/ 35M=
nic.cz.			1605	IN	MX	10 mail.nic.cz.
nic.cz.			1605	IN	MX	15 mail4.nic.cz.
nic.cz.			1605	IN	MX	20 mx.cznic.org.
nic.cz.			1605	IN	MX	30 bh.nic.cz.
nic.cz.			1605	IN	RRSIG	MX 5 2 1800 20101216130302 20101202130302 60479 nic.cz. OqAVj2YI9S2OD/5edKsWmlyYlbxKAtSTdwBI6Lr8ANrAnletKJr1amOY mHJZ9YcCj0FAesOmQ6Tyvlecwkgxnhon/Dor8G8SosbUqEITRRp385Lg R3VwfDwW+s81uKDmetSVLAgnLEX9pyjsh4yXfn7gOzSW1DCnghvMtOP8 7X0=
nic.cz.			1605	IN	AAAA	2001:1488:0:3::2
nic.cz.			1605	IN	RRSIG	AAAA 5 2 1800 20101216130302 20101202130302 60479 nic.cz. Sbz26JFoTs8qeZfmJ0VfMD9cc3qQhmOPEeqZEibBzGPFmxSDC637Sdvy jLOfhd3FJ5IMen7ohD3JbWVRjDCYQ1bmG9xIx7toCY31bhK5aEypTotm 9hpzrOLxR7RVSdYBUoS88BGXeQB9oBPvZ6C/oZqQDCwWJitGdU0hjP8W efE=
nic.cz.			7005	IN	NSEC	6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nic.cz.			7005	IN	RRSIG	NSEC 5 2 7200 20101216130302 20101202130302 60479 nic.cz. MCS/PApTt2d2gjvmdebBMRTQpb8zPBFW5SwFB2T95Kt2ap64KYLF4jiG PtxjtEVBSg2p19qV7QApqKTKYVXTieIy7v78+g9z3EzbdTsXYIbHkln2 2fAswPdDwKSmboTyWk2I4XLXbzA0LeO2qcbN6CMS8p3aBp4OhdOb9DyQ MPc=
nic.cz.			3405	IN	DNSKEY	256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos=
nic.cz.			3405	IN	DNSKEY	257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc=
nic.cz.			3405	IN	DNSKEY	257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw==
nic.cz.			3405	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 27979 nic.cz. YAoVdVm+qOQiF1lFird0Ae1VkRWHp/nrr7wzt0h0fpLePVu7IsvY58Dk 99CD9+w7A1+UyR1k/b33bjQ6ZZirjFZiA+TDikghImEdk3QwPUxkuxka o1l8ddqGPBkSvGlyPwN2df4CCKPogtmNIpL3a/+A/SLeQYp3GjjLzqIC o1u6xl4jsloT3H0ZIeLE+OojDbfHGTSu/jf6rXvUWOtSAaHtIE2wSg/R s+V4ERcVJI3AousuR30cbHcvLnPV2RyWKsEBhbG2LNJJLHmRg3Mr62Z9 kOu5YWotqCbYe30f1CaUyEfHZK1RMbU5KnkW5uCAN3whUeFW3/LUp11k Dc36kw==
nic.cz.			3405	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 59916 nic.cz. Ij66rfTN5uiZG5uu8E7QLm/wNX+UrsZtcX6Rnu0K1l/v1ZfcbpE9UUp3 HDYzLlvvxCMOG6BTHhx5yxbNRhm+OvSPQhyvI5MO04mNXXQ2dH9a/Oax 3vzcuzFAqThlXJLkc0eODcIPnfx60mhFMiYt5hUTLxvL4xT0b9b47j5M 13KjFgTvlUnyMIE0BI/UzESe//aM8zrGeoFWoQFBmcGap+Yxt8L8Wefv k5y879PJQOyAGJ6fBoFctXj9PKrWFWr08BQuhsR+hk6g89jerejASpeE YWoyIT5BtKlwK8A2IrJIjRUEVoifWWqrMODKZlrdlsNtVAWGgxg9Vi0k +v6eYQ==
nic.cz.			3405	IN	RRSIG	DNSKEY 5 2 3600 20101216130302 20101202130302 60479 nic.cz. Qf6J/dewL3mGfk2dp7/A/9eUoXRx2FxIYpdEoGZHRhbATH0xOXbb8K74 EDejIqlekuyqH/wolbiaMdM43DWUKeRurSFQUWr+6Ao9bub0H9idAG6+ mtgGzV8XR3z3GLkKz7BvgT8UpDd7YkXScGa2rLBe4zY0hFxtuPXMTHX1 Bwk=

;; Query time: 76 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec  7 21:08:52 2010
;; MSG SIZE  rcvd: 2755

vbox@vbox-VirtualBox:~$ 

will investigate why they are so different.

comment:6 follow-up: ↓ 7 Changed 3 years ago by zmichl

It is because google DNS replies with truncate bit and then dig sends new TCP query (which is OK over NAT). It seems that their DNS server does not support EDNS0.

$ dig +edns=0 +ignore nic.cz ANY @8.8.8.8

; <<>> DiG 9.7.2-P2 <<>> +edns=0 +ignore nic.cz ANY @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49715
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;nic.cz.				IN	ANY

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec  7 19:39:57 2010
;; MSG SIZE  rcvd: 35

Zbynek

comment:7 in reply to: ↑ 6 Changed 3 years ago by Hachiman

Yes you're right google unswers in TCP. Could you please try modify aliasing mode to proxyonly: e.g.

#VBoxManage modifyvm u10.10 --nataliasmode1 proxyonly

comment:8 Changed 3 years ago by zmichl

It works correctly with proxyonly setting ;)

Zbynek

comment:9 Changed 3 years ago by Hachiman

Thanks, for feedback. So alias library corrupts IP datagrams.

comment:10 Changed 7 weeks ago by frank

  • Status changed from new to closed
  • Resolution set to obsolete
  • Description modified (diff)
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use