Discussion:
Win2k DDNS TKEY - Format Error
Barry Finkel
2000-05-19 14:39:45 UTC
I am looking at a sniffer trace from a Windows 2000 Professional
(RTM release) machine talking to a BIND 8.2.2-P5 (Solaris 5.6).
The Windows 2000 box is sending a TKEY record to DNS, and BIND
is responding with response code 1 (Format Error). Is this something
that BIND does not yet support? I searched the archives for "tsig" or
"tkey", but I found no hits (even though I seem to remember this topic
being discussed previously). Here is one of the TKEY packets being
sent by W2k to DNS; I have taken the sniffer printout and added my
decoding based on the document

draft-ietf-dnsext-tkey-02.txt

but I cannot ensure that my decoding is 100% correct.

- - - - - - - - - - - - - - - - Frame 6 - - - - - - - - - - - - - - - - -

SUMMARY Delta T Destination Source Summary
6 0.0003 dns0.anl.gov w2kdesk222.ct.. DNS C ID=12087 OP=QUERY NAME=893353197586-3

DNS: ----- Internet Domain Name Service header -----
DNS:
DNS: ID = 12087
DNS: Flags = 00
DNS: 0... .... = Command
DNS: .000 0... = Query
DNS: .... ..0. = Not truncated
DNS: .... ...0 = No recursion desired
DNS: Flags = 0X
DNS: ...0 .... = Unicast packet
DNS: Question count = 1, Answer count = 1
DNS: Authority count = 0, Additional record count = 0
DNS:
DNS: Question section:
DNS: Name = 893353197586-3
DNS: Type = TKEY (TKEY,249)
DNS: Class = Internet (IN,1)
DNS: Answer section:
DNS: Name = 893353197586-3
DNS: Type = TKEY (TKEY,249)
DNS: Class = ? (?,255)
DNS: Time-to-live = 0 (seconds)
DNS: Length = 84
DNS:
DNS: *** 84 byte(s) of additional data present ***
DNS:
DNS: [Abnormal end of "Internet Domain Name Service header".]
DNS:

ADDR HEX ASCII
0000 08 00 20 23 7A 88 00 10 5A 08 3A 33 08 00 45 00 .. #z...Z.:3..E.
0010 00 B8 D7 7A 40 00 80 06 9F 59 C0 A8 01 17 C0 A8 ...z@....Y......
0020 01 04 07 0A 00 35 39 6E 13 A7 37 1D 40 79 50 18 .....59n..7.@yP.
0030 44 70 2C 98 00 00 00 8E 2F 37 00 00 00 01 00 01 Dp,...../7......
0040 00 00 00 00 0E 38 39 33 33 35 33 31 39 37 35 38 .....89335319758
0050 36 2D 33 00 00 F9 00 01 0E 38 39 33 33 35 33 31 6-3......8933531
0060 39 37 35 38 36 2D 33 00 00 F9 00 FF 00 00 00 00 97586-3.........
0070 00 54 03 67 73 73 09 6D 69 63 72 6F 73 6F 66 74 .T.gss.microsoft
0080 03 63 6F 6D 00 39 1C 5D E0 39 1D AF 60 00 03 00 .com.9.].9..`...
0090 00 00 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 ..1NTLMSSP......
00A0 B2 00 E0 07 00 07 00 2A 00 00 00 0A 00 0A 00 20 .......*.......
00B0 00 00 00 57 32 4B 44 45 53 4B 32 32 32 45 43 54 ...W2KDESK222ECT
00C0 2D 32 32 31 00 00 -221..

ADDR HEX ASCII
0000 08 00 20 23 7A 88 00 10 5A 08 3A 33 08 00 45 00 TCP/IP Header
0010 00 B8 D7 7A 40 00 80 06 9F 59 C0 A8 01 17 C0 A8 .
0020 01 04 07 0A 00 35 39 6E 13 A7 37 1D 40 79 50 18 .
0030 44 70 2C 98 00 00 00 8E .
0030 2F 37 ID = X'2F37' = F'12087'
0030 00 00 QR=0;Opcode=0=Query
0030 00 01 Question Count = 0
0030 00 01 Answer Count = 1
0040 00 00 Authority Count = 0
0040 00 00 Additional Count = 0
--------------------
0040 0E 38 39 33 33 35 33 31 39 37 35 38 QNAME: 14 '89335319758
0050 36 2D 33 6-3'
0050 00 00
0050 00 F9 QTYPE = X'F9' = F'249' = TKEY
0050 00 01 QCLASS = 1 = IN
--------------------
0050 0E 38 39 33 33 35 33 31 ANSNAME: 14 '8933531
0060 39 37 35 38 36 2D 33 97586-3'
0060 00 00
0060 00 F9 ANSTYPE = X'F9' = F'249' = TKEY
0060 00 FF ANSCLASS = 255 = ANY
0060 00 00 00 00 ANSTTL = 0
0070 00 54 ANSRDLENGTH = X'54' = F'94'
0070 03 67 73 73 ANSRDATA: Algorithm: 03 'gss'
0070 09 6D 69 63 72 6F 73 6F 66 74 09 'microsoft
0080 03 63 6F 6D 03 'com'
0080 00 00
0080 39 1C 5D E0 Inception: F'958160352' = Fri May 12 14:39:12 2000
0080 39 1D AF 60 Expiration: F'958246752' = Sat May 13 14:39:12 2000
0080 00 03 Mode: F'03' = GSS-API negotiation
0080 00 Error:
0090 00 F'0'
0090 00 31 Key Size: F'49'
0090 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 Key Data: "NTLMSSP......
00A0 B2 00 E0 07 00 07 00 2A 00 00 00 0A 00 0A 00 20 ..............
00B0 00 00 00 57 32 4B 44 45 53 4B 32 32 32 45 43 54 ...W2KDESK222ECT
00C0 2D 32 32 31 00 00 -221"
00C0 00 00 Other Size: F'0'

----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994
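An added example, not part of the original post, that decodes the same DNS message with Python's standard library so each TKEY RDATA field can be checked against the hand decoding above. The byte string is copied from the hex dump starting at offset 0x38; the field layout follows the TKEY draft, and the NTLMSSP interpretation of the key data is based on the signature visible in the ASCII column.

```python
import struct
from datetime import datetime, timezone

# DNS message copied from the hex dump above, starting at offset 0x38 (after the
# 54-byte Ethernet/IP/TCP headers and the 2-byte TCP length prefix 00 8E).
TKEY_QUERY = bytes.fromhex(
    "2f37 0000 0001 0001 0000 0000"                       # header: ID 0x2F37, 1 Q, 1 AN
    "0e38 3933 3335 3331 3937 3538 362d 3300 00f9 0001"   # question: name, TKEY, IN
    "0e38 3933 3335 3331 3937 3538 362d 3300 00f9 00ff 0000 0000 0054"  # answer RR head
    "0367 7373 096d 6963 726f 736f 6674 0363 6f6d 00"    # algorithm: gss.microsoft.com
    "391c 5de0 391d af60 0003 0000 0031"                  # inception, expiration, mode, error, key size
    "4e54 4c4d 5353 5000 0100 0000 97b2 00e0 0700 0700 2a00 0000"   # key data (49 bytes)
    "0a00 0a00 2000 0000 5732 4b44 4553 4b32 3232 4543 542d 3232 31"
    "0000"                                                # other size
)

def read_name(msg, off):
    """Decode an uncompressed DNS name at off; return (dotted name, next offset)."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0:  # compression pointer: not used in this packet
            raise ValueError("compressed names not supported")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_tkey_query(msg):
    """Parse a DNS message with one question and one TKEY answer RR (draft-ietf-dnsext-tkey)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    aname, off = read_name(msg, off + 4)
    atype, aclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    rdata = msg[off + 10:off + 10 + rdlen]
    # TKEY RDATA: algorithm name, inception, expiration, mode, error, key size,
    # key data, other size, other data. Mode 3 = GSS-API negotiation; error 19 = BADMODE.
    alg, p = read_name(rdata, 0)
    inception, expiration, mode, error, ksize = struct.unpack("!IIHHH", rdata[p:p + 14])
    key = rdata[p + 14:p + 14 + ksize]
    osize = struct.unpack("!H", rdata[p + 14 + ksize:p + 16 + ksize])[0]
    # Here the GSS token is a bare NTLMSSP message: 8-byte signature, then LE message type (1 = NEGOTIATE).
    ntlm_type = struct.unpack("<I", key[8:12])[0] if key.startswith(b"NTLMSSP\x00") else None
    utc = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
    return {"id": ident, "rcode": flags & 0xF, "counts": (qd, an, ns, ar),
            "question": (qname, qtype, qclass),
            "answer": {"name": aname, "type": atype, "class": aclass, "ttl": ttl,
                       "rdlength": rdlen, "algorithm": alg, "inception": inception,
                       "inception_utc": utc(inception), "expiration": expiration, "mode": mode,
                       "error": error, "key_size": ksize, "key_data": key,
                       "ntlm_message_type": ntlm_type, "other_size": osize}}
```

The inception time comes out as 19:39:12 UTC, i.e. the 14:39:12 in the hand decoding is local (CDT) time, and the RDLENGTH of 0x54 is 84 bytes, matching the sniffer's "Length = 84".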
Cricket Liu
2000-05-19 16:01:04 UTC
Post by Barry Finkel
I am looking at a sniffer trace from a Windows 2000 Professional
(RTM release) machine talking to a BIND 8.2.2-P5 (Solaris 5.6).
The Windows 2000 box is sending a TKEY record to DNS, and BIND
is responding with response code 1 (Format Error). Is this something
that BIND does not yet support? I searched the archives for "tsig" or
"tkey", but I found no hits (even though I seem to remember this topic
being discussed previously). Here is one of the TKEY packets being
sent by W2k to DNS; I have taken the sniffer printout and added my
decoding based on the document
draft-ietf-dnsext-tkey-02.txt
but I cannot ensure that my decoding is 100% correct.
That's the beginning of a GSS-TSIG negotiation, which BIND does
not support. You should be able to disable secure dynamic update
on the Microsoft client and have it send plain vanilla dynamic updates
instead.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class! See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.
Barry Finkel
2000-05-22 13:01:09 UTC
Post by Cricket Liu
Post by Barry Finkel
I am looking at a sniffer trace from a Windows 2000 Professional
(RTM release) machine talking to a BIND 8.2.2-P5 (Solaris 5.6).
The Windows 2000 box is sending a TKEY record to DNS, and BIND
is responding with response code 1 (Format Error). Is this something
that BIND does not yet support? I searched the archives for "tsig" or
"tkey", but I found no hits (even though I seem to remember this topic
being discussed previously). Here is one of the TKEY packets being
sent by W2k to DNS; I have taken the sniffer printout and added my
decoding based on the document
draft-ietf-dnsext-tkey-02.txt
but I cannot ensure that my decoding is 100% correct.
That's the beginning of a GSS-TSIG negotiation, which BIND does
not support. You should be able to disable secure dynamic update
on the Microsoft client and have it send plain vanilla dynamic updates
instead.
And now I reply:

1) The MS Win2k Professional machine is sending plain vanilla dynamic
updates. I cannot tell if it is sending the plain updates before
or after the TKEY requests. I will post a summary of my traces soon,
after I have reviewed them.

2) The DRAFT tkey document above states in Section 2.5 "The Mode Field":

A server supporting TKEY that receives a TKEY request
with a mode it does not support returns the BADMODE
error.

It also states in Section 2.6 "The Error Field":

Value Description
----- -----------
19 BADMODE

When a TKEY Error Field is non-zero in response to a
TKEY query, the DNS header RCODE indicates no error.
However, it is possible if a TKEY is spontaneously
included in a response the TKEY RR and DNS header
error field could have unrelated non-zero error codes.

My question is this -- Is the "Format Error" (1) return code in the
DNS header the proper return code for BIND to be setting? The
return packet has only a DNS header; all four zone counts are 0.
So there is no Answer Zone where TKEY error code would be placed.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994
