[Yeti DNS Discuss] dnscap losing packets?

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Jun 11 19:27:31 UTC 2015


On my root name server, I observe that the pcaps we upload contain
only a part of the packets we handle, mostly answers.

Running dnscap by hand, I indeed see a disturbing phenomenon. While
tcpdump is happy and see both queries and answers:

19:12:49.333059 IP6 2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6.45857 > 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53: 693+ [1au] NS? af. (31)
19:12:49.333752 IP6 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53 > 2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6.45857: 693- 0/5/7 (445)

dnscap sees only some, mostly the answers:

[493] 2015-06-11 19:12:49.333752 [#22 eth1 0] \
	[2001:4b98:dc2:45:216:3eff:fe4b:8c5b].53 [2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6].45857  \
	dns QUERY,NOERROR,693,qr|rd \
	1 af,IN,NS 0 \
	5 af,IN,NS,172800,ns.anycast.nic.af \
	af,IN,NS,172800,af1.dyntld.net \
	af,IN,NS,172800,af3.dyntld.net \
	af,IN,43,86400,[36] \
	af,IN,46,86400,[147] \
	7 ns.anycast.nic.af,IN,A,172800,204.61.216.13 \
	af1.dyntld.net,IN,A,172800,208.78.70.94 \
	af3.dyntld.net,IN,A,172800,208.78.71.94 \
	ns.anycast.nic.af,IN,AAAA,172800,2001:500:14:6013:ad::1 \
	af1.dyntld.net,IN,AAAA,172800,2001:500:90::94 \
	af3.dyntld.net,IN,AAAA,172800,2001:500:94::94 \
	.,4096,4096,32768,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=1,z=0] \
	,[0]

(Sometimes, it is the opposite, I have only the query.)

What sort of bug could it be?

Gandi VPS server
Arch Linux (head)
Linux kernel 3.10.62 x86_64 SMP
dnscap: version V1.0-OARC-r%d (%s)


More information about the discuss mailing list