Just when you think that you can quietly do some overdue network redesign, everybody suddenly wants network printers / scanners hooked up. And of course, these things are dumb++
We have the Kyocera KM-4035 network printer/scanner. Beautiful machine, it can copy, print and scan. It accepts print jobs from the network, and it can send scanned pictures as PDF to your mailbox.
Well, most of the time. Sometimes it refuses to send emails. Why?
To scan, you need to press the scan button. And sometimes, it just says "SMTP server could not be found". Very annoying. And what was more annoying was that the problem was not easily reproducible; it was actually very hard to figure out.
To make a long story short, the problem lies in the DNS request of the scanner:
12:54:30.879447 10.200.5.11.1024 > 10.200.5.1.53: 19311 A? smtp.banco.net.au. (47)
0x0000 4500 004b 0a59 0000 ff11 91ad 0ac8 050b E..K.Y..........
0x0010 0ac8 0501 0400 0035 0037 28ad 4b6f 0000 .......5.7(.Ko..
0x0020 0001 0000 0000 0000 0473 6d74 7005 6261 .........smtp.ba
0x0030 6e63 6f03 6e65 7402 6175 0000 0100 0100 nco.net.au......
0x0040 0000 0000 0000 0000 0000 00 ...........
At offset 0x001c the DNS header starts: 0x4b6f (=19311) for the identification, 0x0000 for the flags, 0x0001/0x0000/0x0000/0x0000 for the number of requests/answers/authority/additional resource records, and then the question: who knows the A record for smtp.banco.net.au?
The DNS server for that LAN, at 10.200.5.1, is a caching-only forwarding name server. It knows where to ask for others, but it isn't authoritative for any domains itself. It will answer questions whose answers are cached, and questions which have the RD (Recursion Desired) flag set. The RD flag is normally set for DNS requests from simple clients (PCs, network equipment etc). If the RD flag is not set, it indicates that the device asking the question (most likely a DNS server) is smart enough to know how to handle answers with referrals.
So the scanner sends a question without the RD flag.
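The header decoding described above, as an added example that is not part of the original post: a Python parser run over the packet bytes copied from the dump, reporting the RD bit and the question. The function and constant names are assumptions of this example.

```python
import struct

# Packet bytes copied from the tcpdump hex dump on this page (IPv4 + UDP + DNS).
CAPTURED_QUERY = bytes.fromhex(
    "4500004b0a590000ff1191ad0ac8050b"
    "0ac8050104000035003728ad4b6f0000"
    "000100000000000004736d7470056261"
    "6e636f036e6574026175000001000100"
    "0000000000000000000000"
)
RD_FLAG = 0x0100   # Recursion Desired bit in the DNS flags word
QR_FLAG = 0x8000   # set in responses, clear in queries

def parse_dns_query(packet: bytes) -> dict:
    """Decode the DNS header and question from a raw IPv4/UDP packet."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[9] != 17:
        raise ValueError("not a UDP packet")
    dns = packet[ihl + 8:]                    # skip the 8-byte UDP header
    if len(dns) < 12:
        raise ValueError("DNS header truncated")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    labels, pos = [], 12
    while True:                               # walk the length-prefixed labels
        if pos >= len(dns):
            raise ValueError("QNAME truncated")
        length = dns[pos]
        pos += 1
        if length == 0:                       # root label ends the name
            break
        if length & 0xC0 or pos + length > len(dns):
            raise ValueError("bad label in question")
        labels.append(dns[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(dns):
        raise ValueError("QTYPE/QCLASS truncated")
    qtype, _qclass = struct.unpack("!2H", dns[pos:pos + 4])
    return {"id": ident, "is_query": not flags & QR_FLAG,
            "rd": bool(flags & RD_FLAG), "counts": (qd, an, ns, ar),
            "qname": ".".join(labels), "qtype": qtype}

def is_nonrecursive_client_query(packet: bytes) -> bool:
    """True for a query that leaves RD clear, as the scanner's does."""
    q = parse_dns_query(packet)
    return q["is_query"] and not q["rd"]

if __name__ == "__main__":
    print(parse_dns_query(CAPTURED_QUERY))
    print(is_nonrecursive_client_query(CAPTURED_QUERY))
```

The same check can be pointed at queries captured from other devices on the LAN to find clients that leave RD clear.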
12:54:30.879929 10.200.5.1.53 > 10.200.5.11.1024: 19311 3/2/2 CNAME smtp.barnet.com.au., CNAME mail2.barnet.com.au., A 188.8.131.52 (169)
12:51:51.747207 10.200.5.1.53 > 10.200.5.11.1024: 27028 0/13/13 (454)
How can it be resolved?
The model of the printer/scanner is: KM-4035 Network Scanner
The scanner firmware is: KM-4035 Ver2.62.8
The network firmware is: NS-30 Ver1.3.00
Kyocera has been informed.