Support Center > Search Results > SecureKnowledge Details
DNS related errors in SmartView Tracker
Symptoms
  • SmartView Tracker errors:

    • Bad DNS header, Z flag is different than 0.
    • Illegal Resource Record format (request).
    • badly formed dns.
    • Invalid DNS.
Cause

The Flags field on the packet is "0x8020." The "0x20" in the second byte of the flag indicates that the answer is authenticated using Domain Name System Security Protocol (DNSSEC). By default the security gateway drops packets with DNSSEC.

RFC 1035 states, the "Z" (zero) flag of the DNS message header is defined as "Reserved for future" use. Must be zero in all queries and responses." However, RFC 2535 provides for the use of two of the three Z-flag bits. Those bits are considered DNS security bits. Packets with those two bits are an integral part of many server connections.

RFC titles:
RFC 1035: "Domain names - implementation and specification".
RFC 2535: "Domain Name System Security Extension".


Solution
Note: To view this solution you need to Sign In .