On Fri, Nov 18, 2022 at 01:14:27AM +0000, Andy Smith wrote:
> Attached is empty-soa.txt, the text dump of the pcap of 4 packets. It
> shows:
Really attached now…
No. Time Source Destination Protocol
Length Info
1 0.000000 85.119.80.222 172.104.29.216 DNS 160
Zone change notification 0xe40c SOA f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
SOA ns0.ribenakid.me.uk
Frame 1: 160 bytes on wire (1280 bits), 160 bytes captured (1280 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 17, 2022 14:59:29.791115000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1668697169.791115000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 160 bytes (1280 bits)
Capture Length: 160 bytes (1280 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Precisio_00:04:86 (00:16:5e:00:04:86), Dst: fe:ff:ff:ff:ff:ff
(fe:ff:ff:ff:ff:ff)
Destination: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
Address: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Precisio_00:04:86 (00:16:5e:00:04:86)
Address: Precisio_00:04:86 (00:16:5e:00:04:86)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 85.119.80.222, Dst: 172.104.29.216
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
(0)
Total Length: 146
Identification: 0x70e4 (28900)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x98e1 [validation disabled]
[Header checksum status: Unverified]
Source: 85.119.80.222
Destination: 172.104.29.216
User Datagram Protocol, Src Port: 48859, Dst Port: 53
Source Port: 48859
Destination Port: 53
Length: 126
Checksum: 0x7125 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Domain Name System (query)
Transaction ID: 0xe40c
Flags: 0x2400 Zone change notification
0... .... .... .... = Response: Message is a query
.010 0... .... .... = Opcode: Zone change notification (4)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Queries
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: type SOA, class IN
Name: f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
[Name Length: 40]
[Label Count: 18]
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Answers
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: type SOA, class IN, mname
ns0.ribenakid.me.uk
Name: f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Time to live: 0
Data length: 48
Primary name server: ns0.ribenakid.me.uk
Responsible authority's mailbox: bind.ribenakid.me.uk
Serial Number: 1668670704
Refresh Interval: 28800 (8 hours)
Retry Interval: 14400 (4 hours)
Expire limit: 3600000 (41 days, 16 hours)
Minimum TTL: 86400 (1 day)
[Response In: 2]
No. Time Source Destination Protocol
Length Info
2 0.075135 172.104.29.216 85.119.80.222 DNS 100
Zone change notification response 0xe40c SOA
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
Frame 2: 100 bytes on wire (800 bits), 100 bytes captured (800 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 17, 2022 14:59:29.866250000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1668697169.866250000 seconds
[Time delta from previous captured frame: 0.075135000 seconds]
[Time delta from previous displayed frame: 0.075135000 seconds]
[Time since reference or first frame: 0.075135000 seconds]
Frame Number: 2
Frame Length: 100 bytes (800 bits)
Capture Length: 100 bytes (800 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff), Dst: Precisio_00:04:86
(00:16:5e:00:04:86)
Destination: Precisio_00:04:86 (00:16:5e:00:04:86)
Address: Precisio_00:04:86 (00:16:5e:00:04:86)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
Address: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.104.29.216, Dst: 85.119.80.222
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
(0)
Total Length: 86
Identification: 0x015a (346)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 53
Protocol: UDP (17)
Header checksum: 0xd3a7 [validation disabled]
[Header checksum status: Unverified]
Source: 172.104.29.216
Destination: 85.119.80.222
User Datagram Protocol, Src Port: 53, Dst Port: 48859
Source Port: 53
Destination Port: 48859
Length: 66
Checksum: 0xe825 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Domain Name System (response)
Transaction ID: 0xe40c
Flags: 0xa400 Zone change notification response, No error
1... .... .... .... = Response: Message is a response
.010 0... .... .... = Opcode: Zone change notification (4)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: type SOA, class IN
Name: f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
[Name Length: 40]
[Label Count: 18]
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
[Request In: 1]
[Time: 0.075135000 seconds]
No. Time Source Destination Protocol
Length Info
3 0.786569 172.104.29.216 85.119.80.222 DNS 111
Standard query 0x8a61 SOA f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa OPT
Frame 3: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 17, 2022 14:59:30.577684000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1668697170.577684000 seconds
[Time delta from previous captured frame: 0.711434000 seconds]
[Time delta from previous displayed frame: 0.711434000 seconds]
[Time since reference or first frame: 0.786569000 seconds]
Frame Number: 3
Frame Length: 111 bytes (888 bits)
Capture Length: 111 bytes (888 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff), Dst: Precisio_00:04:86
(00:16:5e:00:04:86)
Destination: Precisio_00:04:86 (00:16:5e:00:04:86)
Address: Precisio_00:04:86 (00:16:5e:00:04:86)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
Address: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.104.29.216, Dst: 85.119.80.222
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
(0)
Total Length: 97
Identification: 0x015d (349)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 53
Protocol: UDP (17)
Header checksum: 0xd399 [validation disabled]
[Header checksum status: Unverified]
Source: 172.104.29.216
Destination: 85.119.80.222
User Datagram Protocol, Src Port: 17071, Dst Port: 53
Source Port: 17071
Destination Port: 53
Length: 77
Checksum: 0x485c [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
Domain Name System (query)
Transaction ID: 0x8a61
Flags: 0x0000 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: type SOA, class IN
Name: f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
[Name Length: 40]
[Label Count: 18]
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 2800
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Response In: 4]
No. Time Source Destination Protocol
Length Info
4 0.786910 85.119.80.222 172.104.29.216 DNS 111
Standard query response 0x8a61 SOA f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
OPT
Frame 4: 111 bytes on wire (888 bits), 111 bytes captured (888 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 17, 2022 14:59:30.578025000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1668697170.578025000 seconds
[Time delta from previous captured frame: 0.000341000 seconds]
[Time delta from previous displayed frame: 0.000341000 seconds]
[Time since reference or first frame: 0.786910000 seconds]
Frame Number: 4
Frame Length: 111 bytes (888 bits)
Capture Length: 111 bytes (888 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Precisio_00:04:86 (00:16:5e:00:04:86), Dst: fe:ff:ff:ff:ff:ff
(fe:ff:ff:ff:ff:ff)
Destination: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
Address: fe:ff:ff:ff:ff:ff (fe:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Precisio_00:04:86 (00:16:5e:00:04:86)
Address: Precisio_00:04:86 (00:16:5e:00:04:86)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 85.119.80.222, Dst: 172.104.29.216
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
(0)
Total Length: 97
Identification: 0x718a (29066)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x986c [validation disabled]
[Header checksum status: Unverified]
Source: 85.119.80.222
Destination: 172.104.29.216
User Datagram Protocol, Src Port: 53, Dst Port: 17071
Source Port: 53
Destination Port: 17071
Length: 77
Checksum: 0x70f4 [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
Domain Name System (response)
Transaction ID: 0x8a61
Flags: 0x8600 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..1. .... .... = Truncated: Message is truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: type SOA, class IN
Name: f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
[Name Length: 40]
[Label Count: 18]
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 1232
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Request In: 3]
[Time: 0.000341000 seconds]
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
