[Yeti DNS Discuss] dnscap losing packets?
bortzmeyer at nic.fr
Thu Jun 11 19:27:31 UTC 2015
On my root name server, I observe that the pcaps we upload contain
only a part of the packets we handle, mostly answers.
Running dnscap by hand, I indeed see a disturbing phenomenon. While
tcpdump is happy and see both queries and answers:
19:12:49.333059 IP6 2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6.45857 > 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53: 693+ [1au] NS? af. (31)
19:12:49.333752 IP6 2001:4b98:dc2:45:216:3eff:fe4b:8c5b.53 > 2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6.45857: 693- 0/5/7 (445)
dnscap sees only some, mostly the answers:
 2015-06-11 19:12:49.333752 [#22 eth1 0] \
[2001:4b98:dc2:45:216:3eff:fe4b:8c5b].53 [2a01:e35:8bd9:8bb0:21e:8cff:fe76:29b6].45857 \
dns QUERY,NOERROR,693,qr|rd \
1 af,IN,NS 0 \
5 af,IN,NS,172800,ns.anycast.nic.af \
7 ns.anycast.nic.af,IN,A,172800,22.214.171.124 \
(Sometimes, it is the opposite, I have only the query.)
What sort of bug could it be?
Gandi VPS server
Arch Linux (head)
Linux kernel 3.10.62 x86_64 SMP
dnscap: version V1.0-OARC-r%d (%s)
More information about the discuss