#7711 closed defect (obsolete)
NAT networking corrupts EDNS0 packets
Reported by: | Zbynek Michl | Owned by: | |
---|---|---|---|
Component: | network/NAT | Version: | VirtualBox 3.2.10 |
Keywords: | edns0 | Cc: | zbynek.michl@… |
Guest type: | Linux | Host type: | Linux |
Description (last modified by )
Hello,
I have VirtualBox running on Linux, host is Debian, guest Ubuntu and NAT network adapter. When I try to ask my DNS resolver with EDNS0, reply packet from resolver is corrupted in some cases (when packet is larger than cca 1500 bytes). Bridge networking works correctly.
dig answer using NAT:
$ dig +edns=0 nic.cz ANY @217.31.204.130 ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8960 ;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 8 ;; WARNING: Messages has 10 extra bytes at end ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 108 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200 nic.cz. 108 IN RRSIG SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A= nic.cz. 1667 IN NS a.ns.nic.cz. nic.cz. 1667 IN NS b.ns.nic.cz. nic.cz. 1667 IN NS d.ns.nic.cz. nic.cz. 1667 IN RRSIG NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4= nic.cz. 749 IN A 217.31.205.50 nic.cz. 749 IN RRSIG A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA= nic.cz. 749 IN MX 10 mail.nic.cz. nic.cz. 749 IN MX 15 mail4.nic.cz. nic.cz. 749 IN MX 20 mx.cznic.org. nic.cz. 749 IN MX 30 bh.nic.cz. nic.cz. 749 IN RRSIG MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE= nic.cz. 749 IN AAAA 2001:1488:0:3::2 nic.cz. 749 IN RRSIG AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw= nic.cz. 7173 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY nic.cz. 7173 IN RRSIG NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg= nic.cz. 2549 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= ;; Query time: 2 msec ;; SERVER: 217.31.204.130#53(217.31.204.130) ;; WHEN: Wed Nov 10 12:46:19 2010 ;; MSG SIZE rcvd: 1458
dig answer using bridge networking (packet is OK):
$ dig +edns=0 nic.cz ANY @217.31.204.130 ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46077 ;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 7 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 1800 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200 nic.cz. 1800 IN RRSIG SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A= nic.cz. 1800 IN NS b.ns.nic.cz. nic.cz. 1800 IN NS a.ns.nic.cz. nic.cz. 1800 IN NS d.ns.nic.cz. nic.cz. 1800 IN RRSIG NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4= nic.cz. 1800 IN A 217.31.205.50 nic.cz. 1800 IN RRSIG A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA= nic.cz. 1800 IN MX 10 mail.nic.cz. nic.cz. 1800 IN MX 15 mail4.nic.cz. nic.cz. 1800 IN MX 20 mx.cznic.org. nic.cz. 1800 IN MX 30 bh.nic.cz. nic.cz. 1800 IN RRSIG MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE= nic.cz. 1800 IN AAAA 2001:1488:0:3::2 nic.cz. 1800 IN RRSIG AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw= nic.cz. 7200 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY nic.cz. 7200 IN RRSIG NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg= nic.cz. 3600 IN DNSKEY 257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw== nic.cz. 3600 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= nic.cz. 3600 IN DNSKEY 257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc= nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 27979 nic.cz. Q3QgfuTgPzcY1FdtkZ7nL1nDPbTd+LWJ+PPjqQlZNCF+BVHf8W3rfzN5 hhf8JEx+ewlmZNoDtIE0OZ2Ua838RKb79EqJgZGjVoLFEA7JoI54dX+y exRvrt1l/XMXOwCOK4ItdGdfAQ7+U2qrXHQ7azY1FcrNUqMK62bNUQgn 3HKYP57fYTeX8kg2RNZxJmJwCnEvxxL4l5yT1LaTaYfhPWPqXS0hiG1z eIEpXbfKZTWVFEmQWi7AEKch/Uux1YL5fVdov/L8KHlQHVF6/YRqOp6e eYLln3GttDbqzQ2b1p5Drs2xrDWltmqWXT9bv4zEuLbIAhpbxRM9c6iq sBRXCw== nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 59916 nic.cz. QSRvNDGapwSC5y8m8liJjK0IFASV21kC8VqVYjanzerlEqrQ2hLvHqpF X37VjZ36Rvti22EnwCSVneuxy9qstenI11S2Og98E86x35lwXcxk+ze6 JmMvr24khI0XYFNlgYi5OZ47ugPibADD8rdxD9JG8LA3C5wifc+UO2lq wyOTv8MUwFHqazsLHN2/hMDznkCnldPWbyLXHtYsUFMVWX14nuDCevAU heqJDW7nKjeV8AfCpBrY7TZcPR1lIktlq+VIOO4OSSU0SqqI4mXZiG5O 9CE8u/XOfFk93z7iupkP6ktL0LyDOM9cGiY36y6n9r9KwSdxe8iP5g4T 7sy/Lw== nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 60479 nic.cz. UAwYv6Uz8UW+jpJ2Rq3pkAp2Tmh+uKte25EtxIGlMI6UKY78LwOYQsL4 ODUmb0xHa9Ut2yCCCykdZKswsIFCc8j6gzlBIrPSBzXu34w49fzNUdnh KaPmlbhnhTbQa505hjXv6fEjf8rhNnHyDFcc2h+XJ2/q8NiU5BnEDTXi +ec= ;; ADDITIONAL SECTION: a.ns.nic.cz. 1800 IN A 194.0.12.1 a.ns.nic.cz. 1800 IN AAAA 2001:678:f::1 b.ns.nic.cz. 1800 IN A 194.0.13.1 b.ns.nic.cz. 1800 IN AAAA 2001:678:10::1 d.ns.nic.cz. 1800 IN A 193.29.206.1 d.ns.nic.cz. 1800 IN AAAA 2001:678:1::1 ;; Query time: 13 msec ;; SERVER: 217.31.204.130#53(217.31.204.130) ;; WHEN: Wed Nov 10 12:49:03 2010 ;; MSG SIZE rcvd: 2887
I am attaching files with captured network traffic (both NAT and bridge).
Regards,
Zbynek
Attachments (5)
Change History (16)
by , 14 years ago
by , 14 years ago
Attachment: | edns0-nat.pcap added |
---|
by , 14 years ago
Attachment: | edns0-bridge.pcap added |
---|
comment:1 by , 14 years ago
comment:3 by , 14 years ago
Not really. Now dig cannot get any reply:
$ dig +edns=0 nic.cz ANY @217.31.204.130 ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; connection timed out; no servers could be reached
However, when I ask VirtualBox's DNS proxy, it answers correctly now:
$ dig +edns=0 nic.cz ANY @10.0.4.2 ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @10.0.4.2 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8269 ;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 3, ADDITIONAL: 7 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 1407 IN RRSIG NS 5 2 1800 20101216130302 20101202130302 60479 nic.cz. FHaZF5yTYdzrmQzWiIynSO7R/tdoyrojOAx3Q+aRSErK4SMTp1HrcWGL I6XVF8Nqn4yG4jbrQ/HLkBEcae0AAkE7ega7bjb4xr2hblSQuuyzhW4d qfnZOvHFg9ER+TnADeTzvuMxgjAXuJxRFPN90R26LLWeH0C8tyXfZpOA 0yc= nic.cz. 1407 IN NS d.ns.nic.cz. nic.cz. 1407 IN NS a.ns.nic.cz. nic.cz. 1407 IN NS b.ns.nic.cz. nic.cz. 7857 IN RRSIG DS 10 2 18000 20101216173424 20101203010610 14863 cz. HO9rjgLjo8rfFelICvutqOTnfPDkOLW9t0aafkBkFa2nzlG0/jn3FfeG xnNPnBPhJleb2t7NEPJOU3T78MscXfxcAK5sMv1ohCuLgYt/N6bIJ9px hSn0jYcO3s/NDTd8oOuphUXMDjMYwGP8OlOF1mnjHTO2EpH7HeXMmKYb 6C4= nic.cz. 7857 IN DS 59916 5 1 144130216E45C4EC2BB8595E817916E8B060D87B nic.cz. 7857 IN DS 27979 5 1 FF11E740A0254EC63C738A47E52ABF3AD91D8C43 nic.cz. 1265 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 27979 nic.cz. YAoVdVm+qOQiF1lFird0Ae1VkRWHp/nrr7wzt0h0fpLePVu7IsvY58Dk 99CD9+w7A1+UyR1k/b33bjQ6ZZirjFZiA+TDikghImEdk3QwPUxkuxka o1l8ddqGPBkSvGlyPwN2df4CCKPogtmNIpL3a/+A/SLeQYp3GjjLzqIC o1u6xl4jsloT3H0ZIeLE+OojDbfHGTSu/jf6rXvUWOtSAaHtIE2wSg/R s+V4ERcVJI3AousuR30cbHcvLnPV2RyWKsEBhbG2LNJJLHmRg3Mr62Z9 kOu5YWotqCbYe30f1CaUyEfHZK1RMbU5KnkW5uCAN3whUeFW3/LUp11k Dc36kw== nic.cz. 1265 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 59916 nic.cz. Ij66rfTN5uiZG5uu8E7QLm/wNX+UrsZtcX6Rnu0K1l/v1ZfcbpE9UUp3 HDYzLlvvxCMOG6BTHhx5yxbNRhm+OvSPQhyvI5MO04mNXXQ2dH9a/Oax 3vzcuzFAqThlXJLkc0eODcIPnfx60mhFMiYt5hUTLxvL4xT0b9b47j5M 13KjFgTvlUnyMIE0BI/UzESe//aM8zrGeoFWoQFBmcGap+Yxt8L8Wefv k5y879PJQOyAGJ6fBoFctXj9PKrWFWr08BQuhsR+hk6g89jerejASpeE YWoyIT5BtKlwK8A2IrJIjRUEVoifWWqrMODKZlrdlsNtVAWGgxg9Vi0k +v6eYQ== nic.cz. 1265 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 60479 nic.cz. Qf6J/dewL3mGfk2dp7/A/9eUoXRx2FxIYpdEoGZHRhbATH0xOXbb8K74 EDejIqlekuyqH/wolbiaMdM43DWUKeRurSFQUWr+6Ao9bub0H9idAG6+ mtgGzV8XR3z3GLkKz7BvgT8UpDd7YkXScGa2rLBe4zY0hFxtuPXMTHX1 Bwk= nic.cz. 1265 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= nic.cz. 1265 IN DNSKEY 257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc= nic.cz. 1265 IN DNSKEY 257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw== nic.cz. 6055 IN RRSIG NSEC 5 2 7200 20101216130302 20101202130302 60479 nic.cz. MCS/PApTt2d2gjvmdebBMRTQpb8zPBFW5SwFB2T95Kt2ap64KYLF4jiG PtxjtEVBSg2p19qV7QApqKTKYVXTieIy7v78+g9z3EzbdTsXYIbHkln2 2fAswPdDwKSmboTyWk2I4XLXbzA0LeO2qcbN6CMS8p3aBp4OhdOb9DyQ MPc= nic.cz. 6055 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY ;; AUTHORITY SECTION: nic.cz. 1407 IN NS d.ns.nic.cz. nic.cz. 1407 IN NS a.ns.nic.cz. nic.cz. 1407 IN NS b.ns.nic.cz. ;; ADDITIONAL SECTION: a.ns.nic.cz. 1407 IN A 194.0.12.1 a.ns.nic.cz. 1407 IN AAAA 2001:678:f::1 b.ns.nic.cz. 1407 IN A 194.0.13.1 b.ns.nic.cz. 1407 IN AAAA 2001:678:10::1 d.ns.nic.cz. 1407 IN A 193.29.206.1 d.ns.nic.cz. 1407 IN AAAA 2001:678:1::1 ;; Query time: 1 msec ;; SERVER: 10.0.4.2#53(10.0.4.2) ;; WHEN: Tue Dec 7 15:27:54 2010 ;; MSG SIZE rcvd: 2318
I am attaching VB log file and pcap with network traffic (semms to be an IP fragmentation issue).
Regards,
Zbynek
by , 14 years ago
Attachment: | VBox-4.0.0b1.log added |
---|
comment:5 by , 14 years ago
Interesting here I have similar issue with the exception that I have valid out put from 8.8.8.8 (google dns)
vbox@vbox-VirtualBox:~$ dig +edns=0 nic.cz ANY @217.31.204.130 ; <<>> DiG 9.7.1-P2 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; connection timed out; no servers could be reached
with google dns.
vbox@vbox-VirtualBox:~$ dig +edns=0 nic.cz ANY @8.8.8.8 ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.7.1-P2 <<>> +edns=0 nic.cz ANY @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57099 ;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 1605 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1291298582 10800 3600 1209600 7200 nic.cz. 1605 IN RRSIG SOA 5 2 1800 20101216130302 20101202130302 60479 nic.cz. XafSEHctdakQu2aX+iTToa99FmZkC+LkN1Mrxu9GvMf3XwY140yKUzdE RFRB/r6gg5pW9Hs9scmVB8i+OF38aZ6grIobaL//VAI++SWVGHPRU2l/ eYt7SDkxCMvTIQ36aF4eKA24fgWv97bQlvFN9xyvXxJ+K3k/zPccQ/uf Pa4= nic.cz. 1605 IN NS d.ns.nic.cz. nic.cz. 1605 IN NS b.ns.nic.cz. nic.cz. 1605 IN NS a.ns.nic.cz. nic.cz. 1605 IN RRSIG NS 5 2 1800 20101216130302 20101202130302 60479 nic.cz. FHaZF5yTYdzrmQzWiIynSO7R/tdoyrojOAx3Q+aRSErK4SMTp1HrcWGL I6XVF8Nqn4yG4jbrQ/HLkBEcae0AAkE7ega7bjb4xr2hblSQuuyzhW4d qfnZOvHFg9ER+TnADeTzvuMxgjAXuJxRFPN90R26LLWeH0C8tyXfZpOA 0yc= nic.cz. 1605 IN A 217.31.205.50 nic.cz. 1605 IN RRSIG A 5 2 1800 20101216130302 20101202130302 60479 nic.cz. dyEm4+myMIwewJKB0c0hAf0jEb18fAZM/ZZCK4CuqbhzFc2uN+KkZ3m2 y5w358HCMzlKvjRSoCyqivywyCZaFoOlD3umpkP9f44WDIRiZo61XwEN 8BWvUteeLzQCWyypTTNEuyPLBft6Ol3+f7xrd6L09psTr2zO9dd0Um2/ 35M= nic.cz. 1605 IN MX 10 mail.nic.cz. nic.cz. 1605 IN MX 15 mail4.nic.cz. nic.cz. 1605 IN MX 20 mx.cznic.org. nic.cz. 1605 IN MX 30 bh.nic.cz. nic.cz. 1605 IN RRSIG MX 5 2 1800 20101216130302 20101202130302 60479 nic.cz. OqAVj2YI9S2OD/5edKsWmlyYlbxKAtSTdwBI6Lr8ANrAnletKJr1amOY mHJZ9YcCj0FAesOmQ6Tyvlecwkgxnhon/Dor8G8SosbUqEITRRp385Lg R3VwfDwW+s81uKDmetSVLAgnLEX9pyjsh4yXfn7gOzSW1DCnghvMtOP8 7X0= nic.cz. 1605 IN AAAA 2001:1488:0:3::2 nic.cz. 1605 IN RRSIG AAAA 5 2 1800 20101216130302 20101202130302 60479 nic.cz. Sbz26JFoTs8qeZfmJ0VfMD9cc3qQhmOPEeqZEibBzGPFmxSDC637Sdvy jLOfhd3FJ5IMen7ohD3JbWVRjDCYQ1bmG9xIx7toCY31bhK5aEypTotm 9hpzrOLxR7RVSdYBUoS88BGXeQB9oBPvZ6C/oZqQDCwWJitGdU0hjP8W efE= nic.cz. 7005 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY nic.cz. 7005 IN RRSIG NSEC 5 2 7200 20101216130302 20101202130302 60479 nic.cz. MCS/PApTt2d2gjvmdebBMRTQpb8zPBFW5SwFB2T95Kt2ap64KYLF4jiG PtxjtEVBSg2p19qV7QApqKTKYVXTieIy7v78+g9z3EzbdTsXYIbHkln2 2fAswPdDwKSmboTyWk2I4XLXbzA0LeO2qcbN6CMS8p3aBp4OhdOb9DyQ MPc= nic.cz. 3405 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= nic.cz. 3405 IN DNSKEY 257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc= nic.cz. 3405 IN DNSKEY 257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw== nic.cz. 3405 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 27979 nic.cz. YAoVdVm+qOQiF1lFird0Ae1VkRWHp/nrr7wzt0h0fpLePVu7IsvY58Dk 99CD9+w7A1+UyR1k/b33bjQ6ZZirjFZiA+TDikghImEdk3QwPUxkuxka o1l8ddqGPBkSvGlyPwN2df4CCKPogtmNIpL3a/+A/SLeQYp3GjjLzqIC o1u6xl4jsloT3H0ZIeLE+OojDbfHGTSu/jf6rXvUWOtSAaHtIE2wSg/R s+V4ERcVJI3AousuR30cbHcvLnPV2RyWKsEBhbG2LNJJLHmRg3Mr62Z9 kOu5YWotqCbYe30f1CaUyEfHZK1RMbU5KnkW5uCAN3whUeFW3/LUp11k Dc36kw== nic.cz. 3405 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 59916 nic.cz. Ij66rfTN5uiZG5uu8E7QLm/wNX+UrsZtcX6Rnu0K1l/v1ZfcbpE9UUp3 HDYzLlvvxCMOG6BTHhx5yxbNRhm+OvSPQhyvI5MO04mNXXQ2dH9a/Oax 3vzcuzFAqThlXJLkc0eODcIPnfx60mhFMiYt5hUTLxvL4xT0b9b47j5M 13KjFgTvlUnyMIE0BI/UzESe//aM8zrGeoFWoQFBmcGap+Yxt8L8Wefv k5y879PJQOyAGJ6fBoFctXj9PKrWFWr08BQuhsR+hk6g89jerejASpeE YWoyIT5BtKlwK8A2IrJIjRUEVoifWWqrMODKZlrdlsNtVAWGgxg9Vi0k +v6eYQ== nic.cz. 3405 IN RRSIG DNSKEY 5 2 3600 20101216130302 20101202130302 60479 nic.cz. Qf6J/dewL3mGfk2dp7/A/9eUoXRx2FxIYpdEoGZHRhbATH0xOXbb8K74 EDejIqlekuyqH/wolbiaMdM43DWUKeRurSFQUWr+6Ao9bub0H9idAG6+ mtgGzV8XR3z3GLkKz7BvgT8UpDd7YkXScGa2rLBe4zY0hFxtuPXMTHX1 Bwk= ;; Query time: 76 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Dec 7 21:08:52 2010 ;; MSG SIZE rcvd: 2755 vbox@vbox-VirtualBox:~$
will investigate why they are so different.
follow-up: 7 comment:6 by , 14 years ago
It is because google DNS replies with truncate bit and then dig sends new TCP query (which is OK over NAT). It seems that their DNS server does not support EDNS0.
$ dig +edns=0 +ignore nic.cz ANY @8.8.8.8 ; <<>> DiG 9.7.2-P2 <<>> +edns=0 +ignore nic.cz ANY @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49715 ;; flags: qr tc rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;nic.cz. IN ANY ;; Query time: 9 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Dec 7 19:39:57 2010 ;; MSG SIZE rcvd: 35
Zbynek
comment:7 by , 14 years ago
Yes you're right google unswers in TCP. Could you please try modify aliasing mode to proxyonly: e.g.
#VBoxManage modifyvm u10.10 --nataliasmode1 proxyonly
comment:10 by , 11 years ago
Description: | modified (diff) |
---|---|
Resolution: | → obsolete |
Status: | new → closed |
comment:11 by , 10 years ago
Replying to zmichl:
Hello,
I have VirtualBox running on Linux, host is Debian, guest Ubuntu and NAT network adapter. When I try to ask my DNS resolver with EDNS0, reply packet from resolver is corrupted in some cases (when packet is larger than cca 1500 bytes). Bridge networking works correctly.
dig answer using NAT:
$ dig +edns=0 nic.cz ANY @217.31.204.130 ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8960 ;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 8 ;; WARNING: Messages has 10 extra bytes at end ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 108 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200 nic.cz. 108 IN RRSIG SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A= nic.cz. 1667 IN NS a.ns.nic.cz. nic.cz. 1667 IN NS b.ns.nic.cz. nic.cz. 1667 IN NS d.ns.nic.cz. nic.cz. 1667 IN RRSIG NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4= nic.cz. 749 IN A 217.31.205.50 nic.cz. 749 IN RRSIG A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA= nic.cz. 749 IN MX 10 mail.nic.cz. nic.cz. 749 IN MX 15 mail4.nic.cz. nic.cz. 749 IN MX 20 mx.cznic.org. nic.cz. 749 IN MX 30 bh.nic.cz. nic.cz. 749 IN RRSIG MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE= nic.cz. 749 IN AAAA 2001:1488:0:3::2 nic.cz. 749 IN RRSIG AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw= nic.cz. 7173 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY nic.cz. 7173 IN RRSIG NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg= nic.cz. 2549 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= ;; Query time: 2 msec ;; SERVER: 217.31.204.130#53(217.31.204.130) ;; WHEN: Wed Nov 10 12:46:19 2010 ;; MSG SIZE rcvd: 1458dig answer using bridge networking (packet is OK):
$ dig +edns=0 nic.cz ANY @217.31.204.130 ; <<>> DiG 9.7.0-P1 <<>> +edns=0 nic.cz ANY @217.31.204.130 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46077 ;; flags: qr rd ra; QUERY: 1, ANSWER: 23, AUTHORITY: 0, ADDITIONAL: 7 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;nic.cz. IN ANY ;; ANSWER SECTION: nic.cz. 1800 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1288922585 10800 3600 1209600 7200 nic.cz. 1800 IN RRSIG SOA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. TrF9zVN9n5SXMNOt1uPivtG4NVpnQZWRQxoT94GEGhP61Z8fdt3cDTw3 RRg1aXBVFEk2E/N6aa5iR93B9FMdPvQq0UVrZhEW/uHEac/d731ayD7G XxiTsA4caTAIN0t6MbL8SnodK73Sm+5eGTi0Hv79pxHLc/gCt1oZMxKQ u+A= nic.cz. 1800 IN NS b.ns.nic.cz. nic.cz. 1800 IN NS a.ns.nic.cz. nic.cz. 1800 IN NS d.ns.nic.cz. nic.cz. 1800 IN RRSIG NS 5 2 1800 20101119010305 20101105010305 60479 nic.cz. kAE79XWQUML3NB6WW/1+H2pA68matuhhfITNlpIwBh96Z78pCQZxC0x/ CM4a9aQUm+RG+V+vfQqd41GXXRxE7RfYqj8cEEnJI3SmFmQuLmVCrRZH m2/oWD5KvGCoWgo5QYnZgJWpkESRgDyD75jRbryW3AMAHQupg3FiEivV fn4= nic.cz. 1800 IN A 217.31.205.50 nic.cz. 1800 IN RRSIG A 5 2 1800 20101119010305 20101105010305 60479 nic.cz. d1KmnlwB+j9F63h1w7YceU3cCXCq+7/0ePTVqXLOgcREBPaT9jUz7ypd zx9rTxkbuWXZ+R177+IhXOxWoyLz4be/8UAesOiiRp0Sh8JF0qlAEE1n zj70RjW/B8AvtCyU4m7hh0/gULpsV767ikHhLM6GT4LIKfZAuvO1qJk4 2uA= nic.cz. 1800 IN MX 10 mail.nic.cz. nic.cz. 1800 IN MX 15 mail4.nic.cz. nic.cz. 1800 IN MX 20 mx.cznic.org. nic.cz. 1800 IN MX 30 bh.nic.cz. nic.cz. 1800 IN RRSIG MX 5 2 1800 20101119010305 20101105010305 60479 nic.cz. E4P3OpDV0YVK1oAQqVwvBhQQGIkD5BIvdBF/ehMJeOkB790OfOlFf9KP F8tlQuzdhMbFVk4y1FqnB0+LLtKnkpEVZGf62ykElZ0itLvBEiuTmQ9l TyRw6aOqNNfzEKirYVPxdq4dPbp6Wg8uAqLVEQgXebT0AQZuH6ond21F cuE= nic.cz. 1800 IN AAAA 2001:1488:0:3::2 nic.cz. 1800 IN RRSIG AAAA 5 2 1800 20101119010305 20101105010305 60479 nic.cz. R4JRLPzyf9Rv2iZojLBn3AWRCgtIZO1HpA1lWQMs9kMDf6qyGEax+09V 432eh2/ltacVRy+a4aAdlLS8ppxhuIogAlh4uNZQIgimX0c5OqK1UpMk Ii/dZu609Ba9Ydh8ARhdN63gQGmiLbl0bTd0GsfCWJdGTYwlmS7bbU9Q eEw= nic.cz. 7200 IN NSEC 6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY nic.cz. 7200 IN RRSIG NSEC 5 2 7200 20101119010305 20101105010305 60479 nic.cz. CYGrCVtYRj6XJVgmg2TpuTnxZAJ2kqianoudzKSJEBl+ZmMKyyKwuzdI UHjqIX5tLgrDIhzrgk/y6cqWeslJtTpJZCdqN53CN2yXTqMFG1ygQKFK /S3tN4anUp1BZPI98NpJe0gJOK+H+PUu+AULKMV26QyqHMoYB9rZPVPC wyg= nic.cz. 3600 IN DNSKEY 257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw== nic.cz. 3600 IN DNSKEY 256 3 5 BQEAAAABngr4fPoI01A+Rlcz0o9pNj0rHnK1b5A6ODrmYIX2hKkCkw8c vCNC5QAkhw3v8CN61TJBdbKeO++sxDPr59J86TIWIvXNNX9Sp4OJ756T Wo4nD344rf+pQjOFWrlasrPZwz/tdgVlJLI3bc+izxGmGD3gJX1rVhOF VnqfYMp4jos= nic.cz. 3600 IN DNSKEY 257 3 5 AwEAAcNkfvS/b/+0Du0eVViVBnxb5Rt2jDAiv+NLqX53ka03NbYiq2Rv c7IZ+zhfo40PwDCIuJ7/CMXvOkkX7GAnC5CQWZ4jGoA//xtxJ/HIAFkf ThmK5oQqAsdtgjFliRo1QFsXLMbqQlyc0H5xT5Vqlh72U0JlRJUnYtVe F4AThcvwpUI0Rqwt4l80iDwFxes04c1AcBJZKigFX9hlcQi/LyEFOSb+ QP6+K/d/A+p2JydozxV+dRqHIl0oH/hU0FJy9U3VW50yUsPHWeeAdbCJ c+GWSpiGtFIsikTZYzZOWzHt5yiGRlOw1TU9gsl0mjcEM+GZxomPijbV jN2+d9r4Hgc= nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 27979 nic.cz. Q3QgfuTgPzcY1FdtkZ7nL1nDPbTd+LWJ+PPjqQlZNCF+BVHf8W3rfzN5 hhf8JEx+ewlmZNoDtIE0OZ2Ua838RKb79EqJgZGjVoLFEA7JoI54dX+y exRvrt1l/XMXOwCOK4ItdGdfAQ7+U2qrXHQ7azY1FcrNUqMK62bNUQgn 3HKYP57fYTeX8kg2RNZxJmJwCnEvxxL4l5yT1LaTaYfhPWPqXS0hiG1z eIEpXbfKZTWVFEmQWi7AEKch/Uux1YL5fVdov/L8KHlQHVF6/YRqOp6e eYLln3GttDbqzQ2b1p5Drs2xrDWltmqWXT9bv4zEuLbIAhpbxRM9c6iq sBRXCw== nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 59916 nic.cz. QSRvNDGapwSC5y8m8liJjK0IFASV21kC8VqVYjanzerlEqrQ2hLvHqpF X37VjZ36Rvti22EnwCSVneuxy9qstenI11S2Og98E86x35lwXcxk+ze6 JmMvr24khI0XYFNlgYi5OZ47ugPibADD8rdxD9JG8LA3C5wifc+UO2lq wyOTv8MUwFHqazsLHN2/hMDznkCnldPWbyLXHtYsUFMVWX14nuDCevAU heqJDW7nKjeV8AfCpBrY7TZcPR1lIktlq+VIOO4OSSU0SqqI4mXZiG5O 9CE8u/XOfFk93z7iupkP6ktL0LyDOM9cGiY36y6n9r9KwSdxe8iP5g4T 7sy/Lw== nic.cz. 3600 IN RRSIG DNSKEY 5 2 3600 20101119010305 20101105010305 60479 nic.cz. UAwYv6Uz8UW+jpJ2Rq3pkAp2Tmh+uKte25EtxIGlMI6UKY78LwOYQsL4 ODUmb0xHa9Ut2yCCCykdZKswsIFCc8j6gzlBIrPSBzXu34w49fzNUdnh KaPmlbhnhTbQa505hjXv6fEjf8rhNnHyDFcc2h+XJ2/q8NiU5BnEDTXi +ec= ;; ADDITIONAL SECTION: a.ns.nic.cz. 1800 IN A 194.0.12.1 a.ns.nic.cz. 1800 IN AAAA 2001:678:f::1 b.ns.nic.cz. 1800 IN A 194.0.13.1 b.ns.nic.cz. 1800 IN AAAA 2001:678:10::1 d.ns.nic.cz. 1800 IN A 193.29.206.1 d.ns.nic.cz. 1800 IN AAAA 2001:678:1::1 ;; Query time: 13 msec ;; SERVER: 217.31.204.130#53(217.31.204.130) ;; WHEN: Wed Nov 10 12:49:03 2010 ;; MSG SIZE rcvd: 2887I am attaching files with captured network traffic (both NAT and bridge).
Regards,
Zbynek
Thanks, for reporting. I was able reproduce it locally.