[uClibc] Postfix & uClibc -> __res_search problem

Aukjan van Belkum aukjan at gfo.nl
Thu Aug 5 20:05:47 UTC 2004


I did a little capturing on my UML system with tcpdump, not tethereal 
since I had not build it yet, and also some capturing with tethereal on 
the host system. Both requests and responses look absolutely normal to 
me....

Here is the capture from the host system:

Frame 38 (72 bytes on wire, 72 bytes captured)
    Arrival Time: Aug  5, 2004 21:42:50.033268000
    Time delta from previous packet: 12.680761000 seconds
    Time since reference or first frame: 13.206482000 seconds
    Frame Number: 38
    Packet Length: 72 bytes
    Capture Length: 72 bytes
Ethernet II, Src: fe:fd:c0:a8:00:02, Dst: 00:ff:94:e3:9e:d8
    Destination: 00:ff:94:e3:9e:d8 (00:ff:94:e3:9e:d8)
    Source: fe:fd:c0:a8:00:02 (fe:fd:c0:a8:00:02)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.2 (192.168.0.2), Dst Addr: 213.197.28.3 (213.197.28.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 58
    Identification: 0x42fe (17150)
    Flags: 0x04
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x4542 (correct)
    Source: 192.168.0.2 (192.168.0.2)
    Destination: 213.197.28.3 (213.197.28.3)
User Datagram Protocol, Src Port: 1031 (1031), Dst Port: domain (53)
    Source port: 1031 (1031)
    Destination port: domain (53)
    Length: 38
    Checksum: 0x2a4f (correct)
Domain Name System (query)
    Transaction ID: 0x0002
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        vanbelkum.nl: type MX, class inet
            Name: vanbelkum.nl
            Type: Mail exchange
            Class: inet

Frame 39 (322 bytes on wire, 322 bytes captured)
    Arrival Time: Aug  5, 2004 21:42:50.047499000
    Time delta from previous packet: 0.014231000 seconds
    Time since reference or first frame: 13.220713000 seconds
    Frame Number: 39
    Packet Length: 322 bytes
    Capture Length: 322 bytes
Ethernet II, Src: 00:ff:94:e3:9e:d8, Dst: fe:fd:c0:a8:00:02
    Destination: fe:fd:c0:a8:00:02 (fe:fd:c0:a8:00:02)
    Source: 00:ff:94:e3:9e:d8 (00:ff:94:e3:9e:d8)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 213.197.28.3 (213.197.28.3), Dst Addr: 192.168.0.2 (192.168.0.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 308
    Identification: 0x0000 (0)
    Flags: 0x04
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 56
    Protocol: UDP (0x11)
    Header checksum: 0x8f46 (correct)
    Source: 213.197.28.3 (213.197.28.3)
    Destination: 192.168.0.2 (192.168.0.2)
User Datagram Protocol, Src Port: domain (53), Dst Port: 1031 (1031)
    Source port: domain (53)
    Destination port: 1031 (1031)
    Length: 288
    Checksum: 0x005d (correct)
Domain Name System (response)
    Transaction ID: 0x0002
    Flags: 0x8180 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 3
    Additional RRs: 7
    Queries
        vanbelkum.nl: type MX, class inet
            Name: vanbelkum.nl
            Type: Mail exchange
            Class: inet
    Answers
        vanbelkum.nl: type MX, class inet, preference 30, mx smtp2.vanbelkum.nl
            Name: vanbelkum.nl
            Type: Mail exchange
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 10
            Preference: 30
            Mail exchange: smtp2.vanbelkum.nl
        vanbelkum.nl: type MX, class inet, preference 10, mx smtp.vanbelkum.nl
            Name: vanbelkum.nl
            Type: Mail exchange
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 9
            Preference: 10
            Mail exchange: smtp.vanbelkum.nl
    Authoritative nameservers
        vanbelkum.nl: type NS, class inet, ns ns1.widexs.nl
            Name: vanbelkum.nl
            Type: Authoritative name server
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 13
            Name server: ns1.widexs.nl
        vanbelkum.nl: type NS, class inet, ns ns2.widexs.net
            Name: vanbelkum.nl
            Type: Authoritative name server
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 16
            Name server: ns2.widexs.net
        vanbelkum.nl: type NS, class inet, ns ns3.widexs.nl
            Name: vanbelkum.nl
            Type: Authoritative name server
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 6
            Name server: ns3.widexs.nl
    Additional records
        smtp2.vanbelkum.nl: type A, class inet, addr 217.170.1.149
            Name: smtp2.vanbelkum.nl
            Type: Host address
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 4
            Addr: 217.170.1.149
        smtp.vanbelkum.nl: type A, class inet, addr 212.129.181.252
            Name: smtp.vanbelkum.nl
            Type: Host address
            Class: inet
            Time to live: 19 hours, 33 minutes, 30 seconds
            Data length: 4
            Addr: 212.129.181.252
        ns1.widexs.nl: type A, class inet, addr 212.204.192.252
            Name: ns1.widexs.nl
            Type: Host address
            Class: inet
            Time to live: 23 seconds
            Data length: 4
            Addr: 212.204.192.252
        ns1.widexs.nl: type AAAA, class inet, addr 2001:898:2000:11::1
            Name: ns1.widexs.nl
            Type: IPv6 address
            Class: inet
            Time to live: 30 seconds
            Data length: 16
            Addr: 2001:898:2000:11::1
        ns2.widexs.net: type A, class inet, addr 212.204.207.192
            Name: ns2.widexs.net
            Type: Host address
            Class: inet
            Time to live: 1 day, 17 hours, 8 minutes, 31 seconds
            Data length: 4
            Addr: 212.204.207.192
        ns2.widexs.net: type AAAA, class inet, addr 2001:898:2000:12::1
            Name: ns2.widexs.net
            Type: IPv6 address
            Class: inet
            Time to live: 17 hours, 10 minutes, 9 seconds
            Data length: 16
            Addr: 2001:898:2000:12::1
        ns3.widexs.nl: type A, class inet, addr 62.250.7.3
            Name: ns3.widexs.nl
            Type: Host address
            Class: inet
            Time to live: 23 seconds
            Data length: 4




Here is the capture from the UML system:



13:52:02.886210 IP (tos 0x0, ttl  64, id 45892, offset 0, flags [DF], proto: UDP (17), length: 58) 192.168.0.2.1039 > dns.conceptsfa.nl.domain:  4+ MX? vanbelkum.nl. (30)
        0x0000:  4500 003a b344 4000 4011 d4fb c0a8 0002  E..:.D at .@.......
        0x0010:  d5c5 1c03 040f 0035 0026 2a45 0004 0100  .......5.&*E....
        0x0020:  0001 0000 0000 0000 0976 616e 6265 6c6b  .........vanbelk
        0x0030:  756d 026e 6c00 000f 0001                 um.nl.....
13:52:02.903413 IP (tos 0x0, ttl  56, id 0, offset 0, flags [DF], proto: UDP (17), length: 308) dns.conceptsfa.nl.domain > 192.168.0.2.1039:  4 2/3/7 vanbelkum.nl. MX smtp.vanbelkum.nl. 10, vanbelkum.nl. (280)
        0x0000:  4500 0134 0000 4000 3811 8f46 d5c5 1c03  E..4.. at .8..F....
        0x0010:  c0a8 0002 0035 040f 0120 613f 0004 8180  .....5....a?....
        0x0020:  0001 0002 0003 0007 0976 616e 6265 6c6b  .........vanbelk
        0x0030:  756d 026e 6c00 000f 0001 c00c 000f 0001  um.nl...........
        0x0040:  0001 10e1 0009 000a 0473 6d74 70c0 0cc0  .........smtp...
        0x0050:  0c00                                     ..
13:52:15.457766 IP (tos 0x0, ttl  64, id 46559, offset 0, flags [DF], proto: UDP (17), length: 58) 192.168.0.2.1039 > dns.conceptsfa.nl.domain:  2+ MX? vanbelkum.nl. (30)
        0x0000:  4500 003a b5df 4000 4011 d260 c0a8 0002  E..:.. at .@..`....
        0x0010:  d5c5 1c03 040f 0035 0026 2a47 0002 0100  .......5.&*G....
        0x0020:  0001 0000 0000 0000 0976 616e 6265 6c6b  .........vanbelk
        0x0030:  756d 026e 6c00 000f 0001                 um.nl.....
13:52:15.476381 IP (tos 0x0, ttl  56, id 0, offset 0, flags [DF], proto: UDP (17), length: 308) dns.conceptsfa.nl.domain > 192.168.0.2.1039:  2 2/3/7 vanbelkum.nl. MX smtp2.vanbelkum.nl. 30, vanbelkum.nl. (280)
        0x0000:  4500 0134 0000 4000 3811 8f46 d5c5 1c03  E..4.. at .8..F....
        0x0010:  c0a8 0002 0035 040f 0120 46eb 0002 8180  .....5....F.....
        0x0020:  0001 0002 0003 0007 0976 616e 6265 6c6b  .........vanbelk
        0x0030:  756d 026e 6c00 000f 0001 c00c 000f 0001  um.nl...........
        0x0040:  0001 10d5 000a 001e 0573 6d74 7032 c00c  .........smtp2..
        0x0050:  c00c  



Am I missing anything here ???

Your dodp utility might be helpfull in understanding what is going on here.... I would not mind using it ;)

Thanks.. Aukjan



Bennett Todd wrote:

>I've not played with UML, but if you can snatch a pcap of the DNS
>query/reply that might possibly be helpful. tethereal can do a
>pretty thorough dump of such a packet.
>
>If you'd find any use to a utility that teases apart DNS packets
>into complete debugging dumps, let me know, I've got a prototype
>that is I think far enough along to be helpful for jobs like this.
>It wants the raw UDP payload, without any of the framing.
>
>-Bennett
>  
>




More information about the uClibc mailing list