UDP drop / timeout with 1.1.1.1 and 1.0.0.1

nerigal · 2019-02-06 17:22:45 UTC

Hi,

im having random issue with 1.1.1.1 1.0.0.1 that cause serious resolution issues

for obvious privacy purpose, ive changed the ips and the domain in the following test result but what remain important is the behavior itself…

08:54:07.344841 IP (tos 0x0, ttl 56, id 22170, offset 0, flags [DF], proto UDP (17), length 84)
    1.1.1.1.53 > 10.0.1.9.49418: [udp sum ok] 34277 q: A? test.com. 1/0/1 test.com. [22s] A 77.77.77.77 ar: . OPT UDPsize=1452 (56)    
08:54:08.265028 IP (tos 0x0, ttl 64, id 20927, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.50742 > 1.1.1.1.53: [bad udp cksum 0x21ce -> 0x96ff!] 45768+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)    
08:54:08.270138 IP (tos 0x0, ttl 56, id 14632, offset 0, flags [DF], proto UDP (17), length 84)
    1.1.1.1.53 > 10.0.1.9.50742: [udp sum ok] 45768 q: A? test.com. 1/0/1 test.com. [21s] A 77.77.77.77 ar: . OPT UDPsize=1452 (56)    
08:54:09.663707 IP (tos 0x0, ttl 64, id 21103, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0x21ce -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)    
08:54:09.671332 IP (tos 0x0, ttl 56, id 34980, offset 0, flags [none], proto ICMP (1), length 96)
    1.1.1.1 > 10.0.1.9: ICMP 1.1.1.1 udp port 53 unreachable, length 76
	IP (tos 0x0, ttl 56, id 21103, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0xc898 -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)
08:54:14.662927 IP (tos 0x0, ttl 64, id 22287, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0x21ce -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)
08:54:14.667861 IP (tos 0x0, ttl 56, id 36664, offset 0, flags [none], proto ICMP (1), length 96)
    1.1.1.1 > 10.0.1.9: ICMP 1.1.1.1 udp port 53 unreachable, length 76
	IP (tos 0x0, ttl 56, id 22287, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0xc898 -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)    
08:54:19.664885 IP (tos 0x0, ttl 64, id 22453, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0x21ce -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)    
08:54:19.669385 IP (tos 0x0, ttl 56, id 39145, offset 0, flags [none], proto ICMP (1), length 96)
    1.1.1.1 > 10.0.1.9: ICMP 1.1.1.1 udp port 53 unreachable, length 76
	IP (tos 0x0, ttl 56, id 22453, offset 0, flags [none], proto UDP (17), length 68)
    10.0.1.9.45022 > 1.1.1.1.53: [bad udp cksum 0xc898 -> 0xaa17!] 46600+ [1au] A? test.com. ar: . OPT UDPsize=4096 (40)

This test have been made from different source and different domains with the same behavior
for both 1.1.1.1 and 1.0.0.1

MarkMeyer · 2019-02-06 18:53:16 UTC

I’d tell you a UDP joke, but you might not get it.

Seriously
Double check this with NTP requests and and other public DNS Like 8.8.8.8 or 9.9.9.9 please. What does

netstat -suna

say?

nerigal · 2019-02-07 12:18:17 UTC

Lol

Seriously…
Tried with other dns such as 8.8.8.8 and never had a single issues

Only occur with 1.1.1.1 and 1.0.0.1

nerigal · 2019-02-08 12:48:45 UTC

Is there any UDP rate limit that i haven’t noticed that could cause this ?

if there was a rate limit over DNS protocol, i would have noticed in the answer but this is look more like a network failure and so for the dns client look like a connection timeout