dig 8.2 reports queries possibly signed, when probably not....

Ted_Rule at flextech.co.uk Ted_Rule at flextech.co.uk
Mon Nov 1 12:58:21 UTC 1999



This from the bind-8.2.2-release tarball - it's not so much a bug, more a matter
of philosophy.....

$  dig @ns2.cs.ucl.ac.uk co.uk ns +d2

; <<>> DiG 8.2 <<>> @ns2.cs.ucl.ac.uk co.uk ns +d2
; (1 server found)
;; res_nmkquery(QUERY, co.uk, IN, NS)
;; res options: init debug recurs defnam dnsrch ?0x80000000?
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57272
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      co.uk, type = NS, class = IN

;; Querying server (# 1) address = 128.16.8.3
res_send: recvfrom: Connection refused
;; Querying server (# 1) address = 128.16.8.3
res_send: recvfrom: Connection refused
;; res_nsend[signed] to server ns2.cs.ucl.ac.uk  128.16.8.3: Connection refused


In src/bin/dig/dig.c:

          ......

                if (keyfile)
                        n = res_nsendsigned(&res, packet, n, &key, answer,
sizeof answer);
                else
                        n = res_nsend(&res, packet, n, answer, sizeof answer);
                if ((bytes_in = n) < 0) {
                        fflush(stdout);
                        n = 0 - n;
                        msg[0]=0;
                        strcat(msg,";; res_nsend[signed] to server ");
                        strcat(msg,srvmsg);
                        perror(msg);

          .......


The debug message back from dig is slightly confusing, as I haven't as yet
configured any keys,
so it ought to be using unsigned queries everywhere.

I guess the [signed] is in brackets to indicate the query may or may not be
signed,
but surely the prescence of the keyfile indicates this anyway?

My presumption is this needs the following to be slightly less confusing:


                if (keyfile)
                        n = res_nsendsigned(&res, packet, n, &key, answer,
sizeof answer);
                else
                        n = res_nsend(&res, packet, n, answer, sizeof answer);
                if ((bytes_in = n) < 0) {
                        fflush(stdout);
                        n = 0 - n;
                        msg[0]=0;
                        if (keyfile)
                             strcat(msg,";; res_nsendsigned to server ");
             else
                             strcat(msg,";; res_nsend to server ");
             fi
                        strcat(msg,srvmsg);
                        perror(msg);




Ted Rule,
Flextech Television


*****************************************************************
This E-mail message, (including any attachments), is intended
only for the person or entity to which it is addressed,
and may contain confidential information.

If you are not the intended recipient, any review, retransmission,
disclosure, copying, modification or other use of this E-mail message
or attachments is strictly forbidden.

If you have received this E-mail message in error, please contact the
author and delete the message and any attachments from your computer.

You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the
views and opinions of FLEXTECH Television.
*****************************************************************



More information about the bind-workers mailing list