[afnog] Resolver issues

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Mon Apr 10 17:52:24 EAT 2006


On Mon, 10 Apr 2006 15:13:40 +0100  Brian Candler wrote:
> > 16:53:52.905281 www.1679 > ole.domain: [bad udp cksum a373!]  52691+ A? 
> > H.ROOT-SERVERS.NET. (36) (ttl 64, id 4094, len 64)
> Aha. That's *very* suspicious. UDP packets with bad checksums will be
> silently dropped by your TCP stack. This is a very strange and rare
> occurrence.
> 
> Using tcpdump at both ends of the connection, or on a third machine hanging
> off a hub (not switch) in between, you can work out whether the packet has
> been sent with a bad checksum, or was corrupted in transit, or received with
> a bad checksum.

Caution: certain OS-es, when used with network cards with checksum offloading,
will generate tcpdump checksum errors on perfectly good packets with
only partially calculated (and hence incorrect) checksums.

Whether that is happening can be seen with netstat -s (check 'bad checksum'
under UDP and IP).

In my experience, a card that works otherwise but corrupts data
is very, very rare. I have never seen it, except for (ho hum)
driver bugs. And even that is extremely unlikely: ARP would never
complete, and you would not see IP traffic.

As long as the netstat error counters stay motionless, I'd suggest
to look at the other suggestions first.

Geert Jan




More information about the afnog mailing list