[iodine-users] Iodined response error on FreeBSD

Bill Anderson wicheesemaker at gmail.com
Wed Nov 8 21:09:44 CET 2023


Hi, I am wondering if someone has an idea what is going on with my iodine
server on a FreeBSD system.  It successfully creates a tunnel interface and
listening socket, but does not respond to anything once running.  When in
debug mode, I am seeing an error message whenever a "NS" request comes in.
(It doesn't seem to even try responding to anything else, which I'm
assuming is the expected behavior.)

(Side note: The iodine service is proxied behind a standard BIND9 service,
which forwards queries for the iodine subdomain.  I've set up packet
sniffers on the interfaces in various configurations, to confirm that the
forwarding is working as expected.  BIND9 is doing what it's supposed to.
It seems the problem is strictly with iodine not responding...)

Below is the command line and debug output.  I am substituting the domain
name with mydomain.com, and public IP address with 55.55.55.55.  To
generate queries, I used nslookup from an external client directly to the
public address of the BIND9 service.  I also tried the iodine checking
service, and nslookup directly to the iodine service, all with the same
results.

I noted in the output below *(italicized)* when each query was sent.

*[root@ /]#* iodined -c -DDDD -l 192.168.53.1 -p 5353 -d tun1 -n 55.55.55.55 172.16.0.1 a.mydomain.com
ALERT! Other dns servers expect you to run on port 53.
You must manually forward port 53 to port 5353 for things to work.
Debug level 4 enabled, will stay in foreground.
Add more -D switches to set higher debug level.
Enter tunnel password:
Opened /dev/tun1
Setting IP of tun1 to 172.16.0.1
Adding route 172.16.0.0/27 to 172.16.0.1
add net 172.16.0.0: gateway 172.16.0.1 fib 0
Setting MTU of tun1 to 1130
Opened IPv4 UDP socket
Opened IPv6 UDP socket
Listening to dns for domain a.mydomain.com
*        (NS query for a.mydomain.com, forwarded from BIND9)*
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
*        (NS query for test.a.mydomain.com)*
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name test.a.mydomain.com
TX: client 192.168.53.1, type 2, name test.a.mydomain.com, 75 bytes NS reply
iodined: ns reply send error: Invalid argument
*        (ANY query for a.mydomain.com ... when I've tried A queries I get a similar result)*
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
RX: client 192.168.53.1, type 255, name a.mydomain.com
*        (ANY query for test.a.mydomain.com)*
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
RX: client 192.168.53.1, type 255, name test.a.mydomain.com
*        (used the iodine checking service at https://code.kryo.se/iodine/check-it/)*

RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
*        (used nslookup on the iodine service itself, going directly to
port 5353... skipping BIND9 forwarding)*
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument
RX: client 192.168.53.1, type 2, name a.mydomain.com
TX: client 192.168.53.1, type 2, name a.mydomain.com, 70 bytes NS reply
iodined: ns reply send error: Invalid argument

Any idea what is going on, and why iodined keeps giving this "ns reply send
error: Invalid argument"  message?

Thanks!

Bill Anderson