 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] FW: DNS information/error in event log
 Date:  Mon, 23 Aug 2004 22:59:55 -0700 (PDT)
Back on-list.

On Fri, 20 Aug 2004, Quark IT - Hilton Travis wrote:
> > From: Fred Wright [mailto:fw at well dot com] 
> > Sent: Friday, 20 August 2004 12:01
> > On Fri, 20 Aug 2004, Quark IT - Hilton Travis wrote:
> > 
> > > I have noticed in our W2k3 SBS Error Logs the following types of 
> > > errors, starting at 2024 (local) last night.  Just thought I'd post 
> > > this here in case it is a m0n0wall bug - never seen these errors 
> > > before.  I am running 1.1b17 on a net4501 if that helps, and 1.1b17 
> > > has been running since within about 24h of it being released.
> > [...]
> > > 	The DNS server encountered a bad packet from 192.168.69.254.
> > > Packet processing leads beyond packet length. The event data contains
> > > the DNS packet.
> > 
> > Do you have "allow fragments" checked on the rule that 
> > applies to this traffic?
> 
> Unless the default rules have this selected, there are no additional
> rules at all relating to DNS traffic.  This is a pretty standard
> m0n0wall installation right now.

No, there's no option to have this on the default rule (there probably
should be), so if you need it you'll need to create a specific rule for it.

I'm actually surprised that the client was able to get the incomplete
packet at all.  Normally a packet is discarded unless all fragments are
present.  A Windows "feature" perhaps. :-)

					Fred Wright