4

I'm trying to troubleshoot some persistent connectivity issues and I'm frequently getting the following error message when using dig or nslookup.

bash$ nslookup
> www.google.com
;; Warning: ID mismatch: expected ID 36298, got 0
;; Warning: ID mismatch: expected ID 36298, got 0
;; Warning: ID mismatch: expected ID 36298, got 0

bash$ dig www.google.com
;; Warning: ID mismatch: expected ID 34149, got 0
;; Warning: ID mismatch: expected ID 34149, got 0
;; Warning: ID mismatch: expected ID 34149, got 0

; <<>> DiG 9.8.3-P1 <<>> www.capitalone360.com
;; global options: +cmd
;; connection timed out; no servers could be reached

Can anyone shed light on what this error message means, in particular the "got 0" portion?

Ralph Callaway

2 Answers

4

It means that nslookup or dig received a reply with an ID of zero, rather than the ID it was expecting. As part of the protection against forged DNS replies, each DNS query contains an ID, usually chosen randomly. The DNS server copies the ID into the reply, allowing the client to match replies to queries and to prevent a forged DNS reply from being accepted.

This could be caused by a broken DNS server or broken DNS forwarding or rewriting scheme. It could also be caused by an attack of spoofed DNS replies, though that's unlikely.

David Schwartz
  • Thanks David, any idea why the ID would be zero? The research I did initially suggested that the ID mismatch error was often due to a timing mismatch with the responses, i.e. the response for the second query was received before the first query's response, which caused an ID mismatch and hence it looked like a forgery. However, in every example I saw, the received ID was a non-zero value. Any thoughts as to why that would be the case? – Ralph Callaway Feb 06 '13 at 20:13
  • I don't think it's a timing mismatch. It looks like a broken server that just doesn't set the ID or a broken proxy/forwarder that doesn't copy it. – David Schwartz Feb 06 '13 at 21:07
  • Thanks David, that makes sense. Any chance there are tools out there that could troubleshoot/detect issues with DNS proxies or forwarding? – Ralph Callaway Feb 07 '13 at 22:25
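
The ID check described in the answer above, as an added example that is not part of the original posts: it builds a query with a random 16-bit ID and classifies replies the way a stub resolver does before accepting them. The function names are hypothetical and the replies are constructed in memory (no network), including one with the ID left at 0 as a broken forwarder would send it.

```python
import secrets
import struct

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query (QTYPE 1 = A, class IN)."""
    txid = secrets.randbits(16)                  # unpredictable 16-bit query ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def check_reply(expected_id, query, reply):
    """Classify a reply before trusting it: header, QR bit, ID, echoed question."""
    if len(reply) < 12:
        return "truncated header"
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if not flags & 0x8000:
        return "not a response (QR bit clear)"
    if rid != expected_id:
        # This is the condition dig/nslookup report in the question.
        return f"ID mismatch: expected ID {expected_id}, got {rid}"
    if qdcount != 1 or reply[12:len(query)] != query[12:]:
        return "question section does not match query"
    return "ok"

def fake_reply(query, txid):
    """Constructed sample reply: QR/RD/RA set, question echoed, no answers."""
    return struct.pack("!HH", txid, 0x8180) + query[4:]

if __name__ == "__main__":
    txid, query = build_query("www.google.com")
    print("well-behaved server:", check_reply(txid, query, fake_reply(query, txid)))
    # A forwarder that rebuilds the header and never copies the ID sends 0.
    print("broken forwarder:   ", check_reply(36298, query, fake_reply(query, 0)))
```
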
1

Just out of curiosity I came across this solution in a number of threads on apple.stackexchange.com as well as SF.

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Does running these commands fix your issue?

Resources

slm