This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

debug dns failure No such name[Malformed Packet]

0

why is this packet send what cloud be the possible reason of this failure ?

74866 0.000 192.168.2.103(iphone) 192.168.2.1(routerdns) DNS 51 Standard query 0x004f SOA local

74945 0.018 192.168.2.1(routerdns) 192.168.2.103(iphone) DNS 540 Standard query response 0x004f No such name[Malformed Packet]

asked 09 Jul '15, 00:25

terrance's gravatar image

terrance
6113
accept rate: 0%

Can you upload the packet to https://cloudshark.org/? It is hard to tell what went wrong here without a capture.

(09 Jul '15, 03:13) Lekensteyn

One Answer:

1

That's a normal DNS query of Apple devices. Apple is using the TLD (top level domain) .local for internal purposes. It's related to mDNS, Bonjour. etc. (see https://en.wikipedia.org/wiki/.local). Apple devices ask for the SOA record of .local to figure out if there is an Apple server running on the network. Your DNS server responds with a "no such name", as it does not have any information about .local. Why the answer packet is flagged as malformed, I don't know, but that's not relevant here anyway.

So, nothing to worry about and nothing you can change.

Regards
Kurt

answered 10 Jul '15, 00:13

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Why the answer packet is flagged as malformed, I don't know

Because it's too short. All the RRSIG records in the packet claim to be 158 bytes long, based on the data length, but, at the end, there's only room for a 74-byte record, so the packet is too short to have the 158-byte RRSIG at the end - much less the 6th authority RR or the additional RR that the record counts claim should be there.

(10 Jul '15, 00:52) Guy Harris ♦♦

thanks for checking that. I did not look into it ;-)

(10 Jul '15, 02:07) Kurt Knochner ♦