
List:       iodine-users
Subject:    [iodine-users] Iodined response error on FreeBSD
From:       Bill Anderson <wicheesemaker () gmail ! com>
Date:       2023-11-08 20:09:44
Message-ID: CAG1mP1Yv9DL4UMSz8dNuhv12ACNhFc+hYba2JKbe+TEakk_aoQ () mail ! gmail ! com

Hi, I am wondering if someone has an idea what is going on with my iodine
server on a FreeBSD system.  It successfully creates a tunnel interface and
listening socket, but does not respond to anything once running.  When in
debug mode, I am seeing an error message whenever a "NS" request comes in.
(It doesn't seem to even try responding to anything else, which I'm
assuming is the expected behavior)

(Side note: The iodine service is proxied behind a standard BIND9 service,
which forwards queries for the iodine subdomain.  I've set up packet
sniffers on the interfaces in various configurations, to confirm that the
forwarding is working as expected.  BIND9 is doing what it's supposed to.
It seems the problem is strictly with iodine not responding...)

Below is the command line and debug output.  I am substituting the domain
name with mydomain.com, and public IP address with 55.55.55.55.  To
generate queries, I used nslookup from an external client directly to the
public address of the BIND9 service.  I also tried the iodine checking
service, and nslookup directly to the iodine service, all with the same
results.

I noted in the output below *(italicized)* when each query was sent.

*[root@ /]#* iodined -c -DDDD -l 192.168.53.1 -p 5353 -d tun1 -n 55.55.55.55 172.16.0.1 a.mydomain.com
ALERT! Other dns servers expect you to run on port 53.
You must manually forward port 53 to port 5353 for things to work.
Debug level 4 enabled, will stay in foreground.
Add more -D switches to set higher debug level.
Enter tunnel password:
Opened /dev/tun1
Setting IP of tun1 to 172.16.0.1
Adding route 172.16.0.0/27 to 172.16.0.1
add net 172.16.0.0: gateway 172.16.0.1 fib 0
Setting MTU of tun1 to 1130
Opened IPv4 UDP socket
Opened IPv6 UDP socket
Listening to dns for domain a.mydomain.com
*        (NS query for a.mydomain.com, forwarded from BIND9)*
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
*        (NS query for test.a.mydomain.com)*
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
*        (ANY query for a.mydomain.com ... when I've tried A queries I get a similar result)*
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
*        (ANY query for test.a.mydomain.com)*
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
*        (used the iodine checking service at https://code.kryo.se/iodine/check-it/)*

RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
*        (used nslookup on the iodine service itself, going directly to port 5353... skipping BIND9 forwarding)*
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument

Any idea what is going on, and why iodined keeps giving this "ns reply send
error: Invalid argument"  message?

Thanks!

Bill Anderson
