Got an error in UDP question thread: Trying to read past the end of the buffer

[rygl]

Hello,
Maybe it is not harmful, but I am trying to keep the log clean:

Jan 22 22:48:50 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 22 22:48:50 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 23 01:05:24 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 23 01:05:24 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 23 03:46:49 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 23 03:46:49 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer
Jan 23 03:46:51 rzt-lvs1 dnsdist[19829]: Got an error in UDP question thread: Trying to read past the end of the buffer

What does it mean? dnsdist 0.0.659g717609c, clients are mainly on IPv6, 10k qps

Regards
Ales

[rgacogne]

Hi Aleš,

Thank you for reporting this. Do you get these a lot? It means that we got to the end of the packet sooner than we expected when trying to parse the question's qname. This might be a bug, a malformed query, or an empty one (no question). This commit 1 deals more gracefully with that last case. It might not play well with DNS Cookies 2, but it won't be worse that what we are currently doing anyway.
If it doesn't help, we might need to add some debugging information to understand what's happening.

[rygl]

Hi Remi,
you are welcome. It is not so bad. I have up to 100 such errors per hour. The rate is not constant. Sometimes there is nothing within an hour. Comparing to the query rate (~12k qps) it is rare. It seems to me that it is rather related to a malformed query.

Sometimes I can also see this in dmesg output:
[Fri Jan 22 18:04:37 2016] UDP: bad checksum. From 93.153.83.14:12499 to 62.141.0.2:53 ulen 48
[Fri Jan 22 22:10:53 2016] UDP: bad checksum. From 10.85.31.44:54707 to 62.141.0.2:53 ulen 48
[Sat Jan 23 09:44:23 2016] UDP: bad checksum. From 93.153.83.14:13564 to 62.141.0.2:53 ulen 49
[Sat Jan 23 11:26:17 2016] UDP: bad checksum. From 10.180.163.222:55938 to 62.141.0.2:53 ulen 44
[Sat Jan 23 11:37:42 2016] UDP: bad checksum. From 10.180.163.222:47193 to 62.141.0.2:53 ulen 44

The occurrence does not seem to correlate with buffer errors.
Just a question. I am using Debian repo. How often are the new packages built? Is the latest package there containing the commit you have mentioned? I am not familiar to github build process...

Thanks
Ales

[rygl]

Hi Remi, hi Hubert,
Thanks!!

[ahupowerdns]

maybe good to know, if you listen to traffic from stub resolvers ... you will be receiving quite some weird traffic. Authoritative servers get far cleaner traffic.

[rygl]

Yes, this is the case. dnsdist is used by ADSL CPEs for IPv6 at the moment. And they can bother a lot.
Btw. I have already some hits in empty-queries and no buffer errors in the log.