Error msg: ;; Warning: Message parser reports malformed message packet

3

It started a few weeks ago and it's intermittent. Going to google.com, Facebook.com would return

This site can’t be reached
www.google.com’s server IP address could not be found.

This happens even if I was on the site earlier in the day. Sometimes rebooting the router or laptop would resolve the issue, but not always. Sometimes it would start working after being left alone overnight.

Doing a nslookup or dig returns:

jeffreyschwartz@jeffreys-MacBook-Pro:/usr/bin$ nslookup google.com
;; Warning: Message parser reports malformed message packet.
Server:     1.1.1.1
Address:    1.1.1.1#53
Non-authoritative answer:
Name:   google.com
Address: \# 4 ACD907AE
jeffreyschwartz@jeffreys-MacBook-Pro:/usr/bin$ dig google.com
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29237
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Message has 26875 extra bytes at end
;; QUESTION SECTION:
;google.com.            IN  A
;; ANSWER SECTION:
google.com.     30825   RESERVED0 A \# 4 ACD907AE
;; Query time: 42 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Apr 13 18:53:28 EDT 2020
;; MSG SIZE  rcvd: 26929

Clearing the cache with sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder; (which says cache flushed) didn't help.

Some other commands that I found that might be useful.

scutil --dns
DNS configuration

resolver #1
  search domain[0] : fios-router.home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 8.8.8.8
  nameserver[2] : 192.168.1.1
  nameserver[3] : 1.0.0.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : fios-router.home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 8.8.8.8
  nameserver[2] : 192.168.1.1
  nameserver[3] : 1.0.0.1
  if_index : 5 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)
jeffreyschwartz@jeffreys-MacBook-Pro:/usr/bin$

jeffreyschwartz@jeffreys-MacBook-Pro:/usr/bin$ dns-sd -G v4 google.com
DATE: ---Mon 13 Apr 2020---
19:01:39.457  ...STARTING...
Timestamp     A/R    Flags if Hostname                               Address                                      TTL
19:01:40.531  Add        2  0 google.com.                            0.0.0.0                                      77   No Such Record
^C
jeffreyschwartz@jeffreys-MacBook-Pro:/usr/bin$ dns-sd -V
Currently running daemon (system service) is version 880.70.3

dscacheutil -q host -a name google.com
name: google.com
ipv6_address: 2607:f8b0:4004:800::200e

The issue happens in Safari, Google Chrome, and Brave. macOS is Mojave v10.14.6 (18G4032). All other software is up to date.

I can also provide a Wireshark capture or other info as needed.

networking
macos
google-chrome
dns
asked on Super User Apr 13, 2020 by Jeffrey S • edited Apr 13, 2020 by DavidPostill
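
The two warnings dig printed in the question can be reproduced by walking the reply's wire format by hand. The following is an added example, not part of the original question or answer: the packet is constructed to match the header counts, class value and sizes shown in the dig output, and the trailing bytes are zero padding because the page does not show their content.

```python
import struct

def read_name(msg, off):
    """Return (name, next_offset), following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def audit_response(msg):
    """Return (decoded A rdata, findings) for one DNS reply in wire format."""
    decoded, findings = [], []
    try:
        _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            _, off = read_name(msg, off)
            off += 4                              # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            name, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if rclass != 1:                       # 1 = IN; dig showed class 0 as RESERVED0
                findings.append(f"{name} class {rclass} is not IN")
            if rtype == 1 and rdlen == 4:         # A record: 4 rdata bytes as dotted quad
                decoded.append(".".join(str(b) for b in rdata))
    except (IndexError, struct.error, ValueError) as exc:
        findings.append(f"message ends or loops before header counts are met: {exc}")
        return decoded, findings
    if off < len(msg):
        findings.append(f"{len(msg) - off} extra bytes after last record")
    return decoded, findings

# Constructed sample (not a capture): id, flags, TTL and rdata taken from the dig output.
QNAME = b"\x06google\x03com\x00"
SAMPLE = (struct.pack("!6H", 29237, 0x8180, 1, 1, 0, 0)      # qr rd ra, 1 question, 1 answer
          + QNAME + struct.pack("!HH", 1, 1)                 # question: A, IN
          + QNAME + struct.pack("!HHIH", 1, 0, 30825, 4)     # answer: A, class 0
          + bytes.fromhex("ACD907AE") + b"\x00" * 26875)     # rdata + assumed padding

if __name__ == "__main__":
    print(len(SAMPLE), audit_response(SAMPLE))
```

The rdata ACD907AE is an ordinary IPv4 address; dig and nslookup print it in the generic `\# 4` form only because the record's class field is not IN.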

1 Answer

0

I don't know if you posted this, but it's exactly the same problem I'm having for almost two weeks. It's really hard to tell what the problem is since it sometimes works, but seconds later it doesn't anymore. If anybody can help I can give some more info about what I tried:

  • From Mobile (Android 10):
    • Wifi:
      • I can reach webpages through web browsers (DuckDuckGo, Firefox, Brave).
      • I can check both Protonmail and Gmail through its application.
      • I can use speedtest app, the result is okay.
      • I can ping 8.8.8.8 or www.uab.cat (with Termux app).
      • I can ping neither google.com nor www.google.com (with Termux app).
    • Data:
      • I cannot retrieve webpages through web browsers.
      • I can check my Gmail through its application, but I can't do the same with my Protonmail.
      • I can't use speedtest app, it tries to connect to the server for a very long time, but it can't achieve it.
      • I can ping 8.8.8.8, www.uab.cat, google.com, www.google.com (with Termux app).
  • From real computer (Ubuntu 18.04): same network as mobile wifi
    • I can ping 8.8.8.8 and 1.1.1.1 (this is the DNS server I use)
    • I can ping www.uab.cat, tecmint.com and slashroot.in
    • I cannot ping google.com or www.google.com. I'm given a "System error" message immediately, it doesn't even try to connect.
    • I get 0 Mbps, both upload and download, with speedtest-cli (server: 83.35.62.187)
    • Web browsers:
      • Chromium: no VPN
        • I can't access google.com or duckduckgo.com
        • I can access uab.cat, xtec.cat
      • Firefox:
        • No VPN: same as Chromium
        • VPN: I can access some sites.
          • But after two minutes I have to reconnect (same VPN or change it) and it'll work for two more minutes.
          • It sometimes stops working no matter how many retries I do, or how many VPNs I try to connect.
      • TorBrowser: Everything fine. Well, there are some sites which don't allow connections through Tor relays, but it works as usual.
  • From virtual machine (Windows 7):
    • Same as real machine (Ubuntu 18.04)

I sometimes fail to ping a domain, but it also works sometimes. I keep getting (most of the time) the message: "Warning: Message parser reports malformed message packet."

[Image: digging for with dig: some sites]

[Image: digging for with dig: tracing]

BTW, on the last image you'll see the DNS resolver is a private one, from a virtual machine, it's a bind9 in recursive mode and it forwards to 1.1.1.1 or 1.0.0.1.

answered on Super User Apr 26, 2020 by gnunez88

User contributions licensed under CC BY-SA 3.0