I have an issue where my DNS responses get corrupted when they reach my TCP/IP stack. This is what’s happening:
I have Wireshark running listening for DNS traffic on my NIC.
I dig slack.com on 220.127.116.11
Wireshark gives me this response:
DNS 80 Standard query 0x921b A
DNS 1049 Standard query response 0x921b A
However, dig gives me the following response:
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.10.6 <<>> @18.104.22.168
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Message has 12795 extra bytes at end
;; QUESTION SECTION:
. IN A
;; ANSWER SECTION:
. 30770 RESERVED0 A # 4 0DF902A6
;; Query time: 1 msec
;; WHEN: Tue Jun 18 14:28:42 CEST 2019
;; MSG SIZE rcvd: 12847
So the DNS response arrives correctly at my NIC, but not at the console/browser/application/wherever i want to use this response.
I've tried different upstream DNS servers, local DNS server (dnsmasq), all the same response.
When i use a VPN, hence different networking stack, the response gets returned correctly. Also when i use my ISP's DNS i get correct responses.
I tried different NICs (Belkin USB, USB hub with Ethernet, Wifi), all with the same behavior.
I'm lost. Any ideas?
MacBook Pro 15" 2018 running MacOS 10.14.5
Wired connection to ISP router, no additional networking equipment.
DNS tried are 22.214.171.124, 126.96.36.199, 188.8.131.52, local dnsmasq.