GXN/Freenetname and bind 8.3

Steven Fletcher flec at flec.co.uk
Tue Feb 19 12:46:35 GMT 2002

Simple question so I'll cut to the chase:

Has anyone else noticed that GXN's nameservers (at map{1-4}.dns.gxn.net)
have been answering queries with... er... shite, recently?

This only seems to have begun since I upgraded our resolvers to bind
8.3.1 (it may have been happening with 8.3.0, but if it was, I didn't
notice), and apparently might be something to do with EDNS0.


12:35:13.523915 ns.shellnet.co.uk.4172 > map1.dns.gxn.net.domain:  10372 [1au] MX? ri-consulting.co.uk. (48)
0x0000   4500 004c a0cb 0000 4011 835a c281 d102        E..L....@..Z....
0x0010   c3e0 ff16 104c 0035 0038 c841 2884 0000        .....L.5.8.A(...
0x0020   0001 0000 0000 0001 0d72 692d 636f 6e73        .........ri-cons
0x0030   756c 7469 6e67 0263 6f02 756b 0000 0f00        ulting.co.uk....
0x0040   0100 0029 1000 0000 0000 0000                  ...)........
12:35:13.534570 map1.dns.gxn.net.domain > ns.shellnet.co.uk.4172:  666*- [0q] 0/0/0 (12) (DF)
0x0000   4500 0028 b0a0 4000 f711 7ca8 c3e0 ff16        E..(..@...|.....
0x0010   c281 d102 0035 104c 0014 112f 029a 8500        .....5.L.../....
0x0020   0000 0000 0000 0000 4854 5450 2f31             ........HTTP/1

Yes, that is part of a HTTP request in there!
Countless other examples contain countless other variations on the crap
that seems to be contained within the reply.

We're able to reproduce this on 2 different machines, one connected via
PSInet, the other on UUnet UK. This affects all of the Freenetname
domains, which are serviced by the above mentioned nameservers.

Also noticed by Richard Hopkins at the University of Bristol.
Unfortunately, I've asked, but he has been unable to run any tcpdumps so
that we can compare results.

If anyone is able to reproduce the above, please let me/us know, then at
least I can be sure that I'm not on my own...

-Steven Fletcher
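
Added example, not part of the original post: a small decoder for the two packets in the capture above, showing where the reply's DNS message ends and how it differs from the query. The hex is copied from the post; the function names and the OPT check (a shortcut that only looks at the last 11 bytes of the message) are assumptions made for this illustration.

```python
import struct

# Packet bytes copied from the tcpdump hex in the post (IP header onward).
QUERY_HEX = """
4500 004c a0cb 0000 4011 835a c281 d102 c3e0 ff16 104c 0035 0038 c841 2884 0000
0001 0000 0000 0001 0d72 692d 636f 6e73 756c 7469 6e67 0263 6f02 756b 0000 0f00
0100 0029 1000 0000 0000 0000
"""
REPLY_HEX = """
4500 0028 b0a0 4000 f711 7ca8 c3e0 ff16 c281 d102 0035 104c 0014 112f 029a 8500
0000 0000 0000 0000 4854 5450 2f31
"""

def decode(hexdump):
    """Decode IPv4 + UDP + the 12-byte DNS header of one captured packet."""
    raw = bytes.fromhex("".join(hexdump.split()))
    ihl = (raw[0] & 0x0F) * 4
    ip_total = struct.unpack("!H", raw[2:4])[0]
    sport, dport, udp_len = struct.unpack("!HHH", raw[ihl:ihl + 6])
    dns = raw[ihl + 8:ihl + udp_len]      # UDP length includes its 8-byte header
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    return {
        "sport": sport, "dport": dport, "id": ident,
        "qr": flags >> 15, "aa": (flags >> 10) & 1, "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar), "dns_len": len(dns), "dns": dns,
        # Bytes captured beyond the IP total length are not part of the datagram.
        "trailer": raw[ip_total:],
    }

def has_edns0_opt(dns):
    """Shortcut: message ends with an empty OPT RR (root name, TYPE 41, RDLEN 0)."""
    return len(dns) >= 23 and dns[-11:-8] == b"\x00\x00\x29" and dns[-2:] == b"\x00\x00"

def reply_problems(query, reply):
    """List the ways the reply fails to match the query it was sent for."""
    problems = []
    if reply["id"] != query["id"]:
        problems.append("id mismatch")
    if reply["counts"][0] == 0:
        problems.append("question section missing")
    if reply["trailer"]:
        problems.append("bytes after IP datagram")
    return problems

if __name__ == "__main__":
    q, r = decode(QUERY_HEX), decode(REPLY_HEX)
    print("query :", q["id"], q["counts"], "EDNS0 OPT:", has_edns0_opt(q["dns"]))
    print("reply :", r["id"], r["counts"], "trailer:", r["trailer"])
    print("issues:", reply_problems(q, r))
```

The reply's IP total length is 40 bytes and its UDP length is 20, so the DNS message is only the 12-byte header; the six HTTP/1 bytes sit after the datagram, and 40 + 6 = 46 matches the minimum Ethernet payload, which is consistent with frame padding rather than DNS data.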
