Cannot decode multicast DNS packet

[lstrojny]

This packet cannot be decoded:

000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d

This is the error:

…/node_modules/dns-packet/index.js:83
        throw new Error('Cannot decode name (bad pointer)')
        ^

Error: Cannot decode name (bad pointer)
    at name.decode (…/node_modules/dns-packet/index.js:83:15)
    at rnsec.decode (…/node_modules/dns-packet/index.js:1147:28)
    at answer.decode (…/node_modules/dns-packet/index.js:1451:18)
    at decodeList (…/node_modules/dns-packet/index.js:1625:19)
    at exports.decode (…/node_modules/dns-packet/index.js:1566:12)
    at Object.<anonymous> (…/dns.js:3:11)
    at Module._compile (node:internal/modules/cjs/loader:1159:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1213:10)
    at Module.load (node:internal/modules/cjs/loader:1037:32)
    at Module._load (node:internal/modules/cjs/loader:878:12)

Node.js v18.12.1

This is the reproduction case:

const dnsPacket = require('dns-packet');

dnsPacket.decode(
    Buffer.from('000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d', 'hex'),
);

Interestingly enough, https://pypi.org/project/dnslib/ cannot decode it either while https://github.com/mdns-js/node-dns-js handles it just fine.

const dns = require('dns-js');

const result = dns.DNSPacket.parse(
    Buffer.from('000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d', 'hex'),
);

console.log(result);

Not sure what is going on here.

[pusateri]

If you throw it into Wireshark as a trusted 3rd party decoder, and assuming I added an IP and UDP header correctly, it thinks the packet is malformed:

Domain Name System (query) Transaction ID: 0x0084 Flags: 0x0000 Standard query Questions: 0 Answer RRs: 1536 Authority RRs: 0 Additional RRs: 4 Answers [Malformed Packet: DNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed]

[lstrojny]

For anybody googling this, if only for my future self: the cause was a local setup problem indeed. Unifi’s Security Gateway mDNS reflection feature ships an old version of avahi that reflects malformed mDNS packets. Turn it off, use another reflector.

avahi-daemon version on the Unify Security Gateway:

/usr/sbin/avahi-daemon --version
avahi-daemon 0.6.31

Unify firmware version:

cat /etc/version
UniFiSecurityGateway.ER-e120.v4.4.56.5449062.211020.0831

In comparison an avahi version that works:

avahi-daemon --version
avahi-daemon 0.8

Hope this can save some poor soul who will stumble over this in the future.