Responses erroneously marked "invalid response"?
Havard Eidnes
he at uninett.no
Thu Oct 4 22:19:07 UTC 2012
>> So I'm sitting here scratching my head even more confused than
>> usual. Anyone have any insights?
>
> The SOA has the wrong owner name. Bind followed a referral for
> map.media6degrees.com but the SOA wrongly says the zone apex is
> media6degrees.com.
>
> https://lists.isc.org/pipermail/bind-users/2009-December/078403.html
> http://fanf.livejournal.com/107721.html
Ah! OK, then let me offer the following patch to reduce
confusion among those who might inadvertently start following my
tracks:
--- lib/dns/resolver.c.orig 2012-08-24 04:40:57.000000000 +0000
+++ lib/dns/resolver.c
@@ -5418,10 +5418,10 @@ noanswer_response(fetchctx_t *fctx, dns_
{
isc_result_t result;
dns_message_t *message;
- dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name;
+ dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name, *save_name;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t aa, negative_response;
- dns_rdatatype_t type;
+ dns_rdatatype_t type, save_type;
dns_section_t section;
FCTXTRACE("noanswer_response");
@@ -5488,6 +5488,8 @@ noanswer_response(fetchctx_t *fctx, dns_
ns_rdataset = NULL;
soa_name = NULL;
ds_name = NULL;
+ save_name = NULL;
+ save_type = dns_rdatatype_none;
result = dns_message_firstname(message, section);
while (result == ISC_R_SUCCESS) {
name = NULL;
@@ -5580,6 +5582,9 @@ noanswer_response(fetchctx_t *fctx, dns_
dns_trust_additional;
}
}
+ } else {
+ save_name = name;
+ save_type = ISC_LIST_HEAD(name->list)->type;
}
result = dns_message_nextname(message, section);
if (result == ISC_R_NOMORE)
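Review bot: `save_type = ISC_LIST_HEAD(name->list)->type` in the added `else` arm dereferences the list head without checking it, on a name taken from a remote server's response. That is presumably safe if the message parser never attaches a name without an rdataset, but nothing in the hunk shows it, and a guard is cheap: `if (!ISC_LIST_EMPTY(name->list)) save_type = ISC_LIST_HEAD(name->list)->type;`. The arm also overwrites `save_name` on every pass, so only the last non-matching name in the section reaches the log, and the recorded type is that of the first rdataset on the name, not necessarily the SOA or NS that caused the mismatch; a short comment saying so would keep the diagnostic from being over-read. The `if` this `else` pairs with and the rest of the loop lie outside the hunk.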
@@ -5721,7 +5726,35 @@ noanswer_response(fetchctx_t *fctx, dns_
/*
* The responder is insane.
*/
- log_formerr(fctx, "invalid response");
+ if (save_name == NULL) {
+ log_formerr(fctx, "invalid response");
+ return (DNS_R_FORMERR);
+ }
+ if (!dns_name_issubdomain(save_name, &fctx->domain)) {
+ char nbuf[DNS_NAME_FORMATSIZE];
+ char dbuf[DNS_NAME_FORMATSIZE];
+ char tbuf[DNS_RDATATYPE_FORMATSIZE];
+ const char *s;
+
+ dns_rdatatype_format(save_type,
+ tbuf, sizeof(tbuf));
+ dns_name_format(save_name, nbuf,
+ sizeof(nbuf));
+ dns_name_format(&fctx->domain, dbuf,
+ sizeof(dbuf));
+
+ if (section == DNS_SECTION_ANSWER)
+ s = "answer";
+ else
+ s = "authority";
+
+ log_formerr(fctx, "Name %s (%s) in %s section"
+ " not subdomain of"
+ " known-to-be zone %s --"
+ " invalid response",
+ nbuf, tbuf, s, dbuf);
+ } else
+ log_formerr(fctx, "invalid response");
return (DNS_R_FORMERR);
}
}
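Review bot: The `else` at the end of the new block looks unreachable. `save_name` is only assigned in the `else` arm added in the loop above, which appears to be the not-a-subdomain arm of a `dns_name_issubdomain(name, &fctx->domain)` test (the `if` itself is outside the hunks), so `!dns_name_issubdomain(save_name, &fctx->domain)` would always hold when `save_name` is non-NULL. If so, the three `log_formerr(fctx, "invalid response")` paths reduce to `if (save_name != NULL) { /* format and log the detailed message */ } else log_formerr(fctx, "invalid response");` followed by the single `return (DNS_R_FORMERR);`. The names in the new message come from the responding server, so a comment such as `/* save_name is remote data, logged for diagnosis only */` is worth adding, and they should keep going through `dns_name_format` into the `DNS_NAME_FORMATSIZE` buffers as done here. The enclosing conditionals of `noanswer_response` start outside the hunk.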
- Havard