I have a small Python script that acts as a proxy. Everything seems to be working fine with the script except for DNS requests. When a DNS request is received by my script, I perform the request and then forward the response back to the original user who made the DNS request. However, when the one originating the DNS request gets the response, it's considered to be malformed. I know there were DNS issues with older versions of scapy, so I updated to scapy 2.3.1 but still have problems.

#!/usr/bin/env python
from tornado.websocket import WebSocketHandler
from tornado.httpserver import HTTPServer
from tornado.web import Application
from tornado.ioloop import IOLoop
from collections import defaultdict
from scapy.all import *
import threading

# Warning: Not thread-safe.
# Dictionary mapping (outbound.dst, outbound.dport) -> count of IP packets awaiting reply
outbound_packets = defaultdict(int)
outbound_udp = defaultdict(int)
connection = None

class PacketSniffer(threading.Thread):
    def __init__(self):
        threading.Thread.__init__(self)

    def run(self):
        global connection
        while (True):
            pkt = sniff(iface="eth0", count=1)
            if pkt[0].haslayer(IP):
                pkt = pkt[0][IP]
                if outbound_packets[(pkt.src, pkt.sport)] > 0:
                    outbound_packets[(pkt.src, pkt.sport)] -= 1
                    if pkt[0].haslayer(UDP):
                        # Modify the destination address back to the address of the TUN on the host.
                        pkt.dst = "10.0.0.1"
                        try:
                            del pkt[UDP].chksum
                            del pkt[IP].chksum
                            pkt.show2() # Force recompute the checksum
                        except IndexError:
                            print "error deleting"
                        if connection:
                            connection.write_message(str(pkt).encode('base64'))
                    elif pkt[0].haslayer(TCP):
                        print "TCP packet"
                        # Modify the destination address back to the address of the TUN on the host.
                        pkt.dst = "10.0.0.1"
                        try:
                            del pkt[TCP].chksum
                            del pkt[IP].chksum
                            pkt.show2() # Force recompute the checksum
                        except IndexError:
                            print "error deleting"
                        if connection:
                            connection.write_message(str(pkt).encode('base64'))

I'm no DNS expert but from what I can tell the response has Answer RRs: 2 but looking at the actual DNS answers I only see 1 entry. Is it safe to assume the Answer RRs value should match the number of actual answers? If this is the case, any idea how/why answers are being removed from the DNS entry?
Scapy issue 913 and issue 5105 discuss this problem and ultimately led me to pull request 18 and pull request 91 which fixed the problem.
When I applied these to Scapy 2.2.0 (not 2.3.1) line numbers didn't entirely match but it was obvious where things went. I found and entered 18 first, but 91 by itself may be enough to fix the problem.
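
The count mismatch described in the question can be checked directly on the raw DNS payload, independent of Scapy. The following is an added example (not code from the original post or from Scapy): it walks the resource records actually present in a message and compares the total with the counts declared in the header. The function names and the two sample messages are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def count_records(msg):
    """Return (declared, found) resource-record totals for a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    declared, found = an + ns + ar, 0
    try:
        while found < declared:
            fixed = skip_name(msg, off)          # TYPE, CLASS, TTL, RDLENGTH follow
            if fixed + 10 > len(msg):
                raise ValueError("truncated RR header")
            (rdlen,) = struct.unpack("!H", msg[fixed + 8:fixed + 10])
            if fixed + 10 + rdlen > len(msg):
                raise ValueError("truncated RDATA")
            off = fixed + 10 + rdlen
            found += 1
    except ValueError:
        pass                                     # data ended before the declared count
    return declared, found

def build_response(ancount, addrs):
    """Constructed sample: A-record response for example.com (not captured traffic)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, ancount, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes(a)
                   for a in addrs)
    return header + question + rrs

GOOD = build_response(2, [(192, 0, 2, 1), (192, 0, 2, 2)])
BAD = build_response(2, [(192, 0, 2, 1)])        # header says 2 answers, only 1 present

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("bad", BAD)):
        print(label, "declared=%d found=%d" % count_records(msg))
```

Running this on the UDP payload before and after the proxy rebuilds the packet shows whether records were dropped during re-serialization.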