Ethereal-users: Re: [Ethereal-users] erroneous decoding of dynamic DNS packets in ethereal?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Stefan Puiu <stefan.puiu@xxxxxxxxx>
Date: Thu, 11 Nov 2004 15:15:14 +0200
Hello Guy and thanks for the reply, 

I think my original post was misleading, I used the terminology from
the libbind API (the BIND8 resolver library). It's true, RFC2136 shows
NXRRSET or YXRRSET as RCODEs, not as "prerequisite opcode". The
"prerequisite opcode" is used in libbind to specify the type of
prerequisite (RRSet exists(value independent), RRSet exists (value
dependent), etc.) - I see this can be quite misleading - that's what I
meant, I thought it would have been helpful if Ethereal would specify
these types. You are quite right that both the prerequisite and update
type can be inferred from the class/type/rdata - this is ok with me
for the moment.

On the other hand, I still am baffled as to why do the nsupdate
packets show up as malformed? I use libbind to send some DDNS packets
from an application and would have needed some way to check that those
packets are properly created. If the DNS dissector would label some
valid (D)DNS packets as "malformed", then it's not suitable for the
above purpose, and that's what I'm trying to determine. See the first
post for the capture file.


On Thu, 11 Nov 2004 04:22:54 -0800, Guy Harris <gharris@xxxxxxxxx> wrote:
> Stefan Puiu wrote:
> 
> 
> 
> > I'm using ethereal as a debugging tool and have found something which
> > looks like a bug in the way it decodes dynamic DNS packets. What
> > caught my eye is that I needed to check if some DDNS packets I was
> > sending were correctly formatted, and they would show up with a
> > mention of "malformed packet" in Ethereal, leading me to believe that
> > I was doing something wrong in my app. On the other hand, output for
> > DDNS packets is also lacking - you can't tell the opcode for
> > prerequisistes (YXRRSET, NXRRSET, YXDOMAIN etc.)
> 
> At least according to RFC 2136, those are response codes, not opcodes,
> and are set only in replies, not requests.  What RFC specifies them as
> being present in requests?
> 
> > or updates
> > (ADD/DELETE), so you most likely have to guess what type the update
> > packet is (I think the YXRRSET preset has the class set to 'any',
> > while NXRRSET has the class set as 'none', but I wouldn't swear by
> > that).
> 
> According to RFC 2136:
> 
>     3.4.2.6 - Table Of Metavalues Used In Update Section
> 
>     CLASS    TYPE     RDATA    Meaning
>     ---------------------------------------------------------
>     ANY      ANY      empty    Delete all RRsets from a name
>     ANY      rrset    empty    Delete an RRset
>     NONE     rrset    rr       Delete an RR from an RRset
>     zone     rrset    rr       Add to an RRset
>