Problems with DNS IXFR/AXFR
I have a problem with DNS IXFR/AXFR, that receives an answer in multiple packets. The situation is:
1- RFC1995 determines that IXFR can have an AXFR as a response;
2- RFC5936 says that AXFR can be sent over multiple responses.
So we have:
IXFR request -> Transaction ID 0x0001
First response -> Transaction ID 0x0001 (beginning with a SOA Type)
Following responses -> Transaction ID 0x0001 (until the end, ending with a SOA Type).
On responses from 2nd to last one, when clicking on the Transaction ID, wireshark says:
Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 340
Is it normal? Is there anything wrong with packets? Or wireshark is not ready for multiple response AXFR?
Comments
Can you share a capture with the packets at issue? Use a public share such as Google Drive, DropBox etc. and post a link to it back here.
Unfortunately I cannot share a pcap, but can share some dropbox link to pkt images.
You can see query, first response pkt and second pkt.
Let me know if you need more
https://www.dropbox.com/s/r28nw3afk30...
https://www.dropbox.com/s/xt7en8ncf28...
https://www.dropbox.com/s/w0awuokbcwn...
I can add to these pngs that first and last response are SOA type.
As far as I can see WS has no support to handle multiple response records for one transaction ID so far. Can you open an issue at https://gitlab.com/wireshark/wireshark/-/issues and attach a sample capture (not screenshots)?
Issue 17293 opened.
Is the issue marked as confidential? I'm not able to see it...