
I'm trying to set up a custom DNS server. I'm using this code:

http://code.activestate.com/recipes/491264-mini-fake-dns-server/

Nslookup can interpret the DNS server's response:

➜  ~ nslookup google.com 192.168.4.243
Server:         192.168.4.243
Address:        192.168.4.243#53

Non-authoritative answer:
Name:   google.com
Address: 192.168.1.1

However, dig can't interpret it:

➜  ~ dig google.com @192.168.4.243

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com @192.168.4.243
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Message has 16 extra bytes at end

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 0 msec
;; SERVER: 192.168.4.243#53(192.168.4.243)
;; WHEN: Mon Sep 03 11:59:38 +03 2018
;; MSG SIZE  rcvd: 55

Even the ping command can interpret it:

root@xx:~# ping google.com
PING google.com (192.168.1.1) 56(84) bytes of data.
64 bytes from test-vm (192.168.1.1): icmp_seq=1 ttl=64 time=0.145 ms
64 bytes from test-vm (192.168.1.1): icmp_seq=2 ttl=64 time=0.440 ms
64 bytes from test-vm (192.168.1.1): icmp_seq=3 ttl=64 time=0.356 ms

How can I fix this problem? What is wrong? Why can't dig interpret the result?

  • ";; WARNING: Message has 16 extra bytes at end" this is not good. You have something messing with the DNS packets on your network... – Patrick Mevzek Sep 03 '18 at 23:45
  • Writing a nameserver is nowadays something more to be restricted as a learning tool as writing one implementing correctly all aspects of the protocol, including DNSSEC, is very hard and should not be attempted lightly. Viewing the code behind the link you give having like 20 lines I am quite sure that this can not be a valid DNS server in all cases, and I would advise not using it. Python has a DNS library with everything in it needed to do the same thing properly. – Patrick Mevzek Sep 04 '18 at 14:33
  • `ping` is irrelevant here, it just uses the OS `getaddrinfo` to resolve the name. – Patrick Mevzek Sep 04 '18 at 14:34
  • If you want further debug you will need to show the DNS packet in full, or for someone to run the same code. But I believe that to be pointless, like said above this is certainly not enough to have a nameserver fully implementing rules. I do not know what your end goal is, but look at `dnsmasq`, it provides enough basic services for a LAN (recursive caching nameserver with some authoritative features). – Patrick Mevzek Sep 04 '18 at 14:36

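The numbers in the dig output are consistent with one specific wire-format mistake, shown here as an added, self-contained Python 3 example (this is not the linked recipe's code and not code from the asker or the commenters; the cause is an assumption, not something the thread establishes). dig adds an EDNS0 OPT record (11 bytes when it carries no options) to the additional section of its query; nslookup and the libc resolver behind `ping` typically do not. If a toy server copies everything after the 12-byte query header as the "question section" and then appends a 16-byte A record (2-byte name pointer + type + class + TTL + RDLENGTH + 4-byte address) while its header says ANCOUNT=1 and ARCOUNT=0, a client parsing by the header counts reads the echoed OPT record as the single answer (hence the OPT PSEUDOSECTION and no ANSWER SECTION) and finds the real answer left over: 12 + 16 + 11 + 16 = 55 bytes received, 16 unparsed. The code below builds a dig-style query, shows the sloppy and the fixed response builders side by side, and walks each response the way a resolver does. The bind address `127.0.0.1:5353` and the answer address are assumed values.

```python
import socket
import struct

# Constructed sample values. QUERY_ID matches "id: 35382" in the dig output above.
QUERY_ID = 0x8A36
ANSWER_IP = "192.168.1.1"     # assumed; any IPv4 address works

def encode_name(name):
    """Encode 'google.com' as DNS labels: \\x06google\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def skip_name(data, offset):
    """Return the offset just past a name (label sequence or 2-byte compression pointer)."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length

def parse_question(data):
    """Return (qname, qtype, qclass, end_offset) for the first question in a message."""
    offset, labels = 12, []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    offset += 1                                   # root terminator
    qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
    return ".".join(labels), qtype, qclass, offset + 4

def build_query(name, with_edns=True):
    """Constructed query: RD set, one A/IN question, optionally a bare OPT RR
    (type 41, UDP payload size 4096, no options) in the additional section."""
    header = struct.pack("!HHHHHH", QUERY_ID, 0x0100, 1, 0, 0, 1 if with_edns else 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0) if with_edns else b""
    return header + question + opt

def answer_rr(ip):
    """A record: pointer to the name at offset 12, type A, class IN, TTL 60, 4-byte RDATA (16 bytes)."""
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)

def build_response_sloppy(query, ip):
    """Hypothetical buggy pattern: everything after the query header is copied as the
    'question', so the OPT RR is echoed although the new header claims ARCOUNT = 0."""
    header = query[:2] + b"\x81\x80" + query[4:6] + query[4:6] + b"\x00\x00\x00\x00"
    return header + query[12:] + answer_rr(ip)

def build_response(query, ip):
    """Fixed builder: copy only the parsed question section, then append the answer.
    Flags 0x8180 = QR, RD, RA; QDCOUNT=1, ANCOUNT=1, NSCOUNT=0, ARCOUNT=0."""
    _, _, _, qend = parse_question(query)
    header = query[:2] + b"\x81\x80" + b"\x00\x01\x00\x01\x00\x00\x00\x00"
    return header + query[12:qend] + answer_rr(ip)

def inspect_response(msg):
    """Walk the message by its header counts, as a resolver does.
    Returns (RR types seen in the answer section, number of bytes left unparsed)."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    offset = 12
    for _ in range(qd):
        offset = skip_name(msg, offset) + 4        # qtype + qclass
    answer_types = []
    for i in range(an + ns + ar):
        offset = skip_name(msg, offset)
        rtype, rdlen = struct.unpack("!HxxxxxxH", msg[offset:offset + 10])
        if i < an:
            answer_types.append(rtype)
        offset += 10 + rdlen
    return answer_types, len(msg) - offset

if __name__ == "__main__":
    q = build_query("google.com")
    for label, builder in (("sloppy", build_response_sloppy), ("fixed", build_response)):
        r = builder(q, ANSWER_IP)
        types, extra = inspect_response(r)
        print(f"{label}: {len(r)} bytes, answer RR types {types}, {extra} extra bytes at end")
    # Minimal UDP responder using the fixed builder (assumed bind address and port).
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 5353))
    while True:
        data, peer = sock.recvfrom(512)
        sock.sendto(build_response(data, ANSWER_IP), peer)
```

Running the script prints the sloppy response as 55 bytes with answer type 41 (OPT) and 16 extra bytes, and the fixed one as 44 bytes with answer type 1 (A) and nothing left over; the same sloppy builder fed a query without EDNS parses cleanly, which is why a client that sends no OPT record sees a normal answer. Querying the responder with `dig @127.0.0.1 -p 5353 google.com` should then show an ANSWER SECTION and no "extra bytes" warning. This only addresses the framing bug; as the comments note, it is still nowhere near a complete nameserver.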