A lack of fine-grained record type checking in response section processing.

Ted_Rule at flextech.co.uk
Tue Nov 23 10:40:08 UTC 1999




Spotted a while ago...  but not mentioned till now:

Nov 12 08:58:20 intranot (dnsserver): gethostby*.getanswer: asked for "thebrit.co.uk IN A", got type "SOA"

Investigating further, we find:

$ dig thebrit.co.uk ns

; <<>> DiG 8.2 <<>> thebrit.co.uk ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;;      thebrit.co.uk, type = NS, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          3h47m46s IN NS  map1.dns.gxn.net.
thebrit.co.uk.          3h47m46s IN NS  map2.dns.gxn.net.
thebrit.co.uk.          3h47m46s IN NS  map3.dns.gxn.net.
thebrit.co.uk.          3h47m46s IN NS  map4.dns.gxn.net.

;; ADDITIONAL SECTION:
map1.dns.gxn.net.       23h59m46s IN A  195.224.255.22
map2.dns.gxn.net.       23h59m46s IN A  195.224.255.26
map3.dns.gxn.net.       23h59m46s IN A  195.224.255.30
map4.dns.gxn.net.       23h59m46s IN A  195.224.255.34

;; Total query time: 7 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:15 1999
;; MSG SIZE  sent: 31  rcvd: 182

$ dig thebrit.co.uk

; <<>> DiG 8.2 <<>> thebrit.co.uk
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      thebrit.co.uk, type = A, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; Total query time: 32 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:37 1999
;; MSG SIZE  sent: 31  rcvd: 106

It would appear that the DNS servers on the 4 map servers are all incorrectly
responding with

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

RATHER than:

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

which would correspond to a proper DNS NOERROR/NODATA condition for the A
record in the "thebrit.co.uk" domain. As such, the DNS server appears to
partially violate standard RFC2308 -ve responses.



========================================================================

Reviewing the bind-8.2.2 code, we find:


(  in src/bin/named/ns_resp.c, we have:

     .......

                        if (type == T_CNAME &&
                            qtype != T_CNAME && qtype != T_ANY) {
                                strcpy(aname, (char *)dp->d_data);
                                if (!ns_samedomain(aname, qp->q_domain))
                                        externalcname = 1;
                                cname++;
                                lastwascname = 1;
                        } else {
                                validanswer = 1;      /* <<< possible problem here. */
                                lastwascname = 0;
                        }

     .........


Whilst I'm not entirely sure of the best - or any fix to this - it seems that
"validanswer" is being asserted even when type != qtype,
post-CNAME-loop-checks. Hence, named's recursive resolver asserts validanswer
even if none of the answers in the answer section answer the exact question
which was asked. Whilst it could be argued that named can't trap for
everything, and the stub resolver ought to be able to recover from the error,
I can't help feeling that named ought to at least log the error condition;
ideally - I guess - it would return SERVFAIL if none of the authoritative
servers give an answer matching the question?

In this particular circumstance, the resultant lack of an A record is NOT
NCACHED - - that's far too many treble-negatives for a Tuesday morning !!
--- and hence a subsequent A record lookup returns yet another authoritative
SOA record.

)



$ dig @map1.dns.gxn.net thebrit.co.uk a

; <<>> DiG 8.2 <<>> @map1.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      thebrit.co.uk, type = A, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; Total query time: 32 msec
;; FROM: homer.flextech.co.uk to SERVER: map1.dns.gxn.net  195.224.255.22
;; WHEN: Fri Nov 12 11:50:28 1999
;; MSG SIZE  sent: 31  rcvd: 106

$ dig @map2.dns.gxn.net thebrit.co.uk a

; <<>> DiG 8.2 <<>> @map2.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      thebrit.co.uk, type = A, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; Total query time: 122 msec
;; FROM: homer.flextech.co.uk to SERVER: map2.dns.gxn.net  195.224.255.26
;; WHEN: Fri Nov 12 11:50:38 1999
;; MSG SIZE  sent: 31  rcvd: 106

$ dig @map3.dns.gxn.net thebrit.co.uk a

; <<>> DiG 8.2 <<>> @map3.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      thebrit.co.uk, type = A, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; Total query time: 51 msec
;; FROM: homer.flextech.co.uk to SERVER: map3.dns.gxn.net  195.224.255.30
;; WHEN: Fri Nov 12 11:50:45 1999
;; MSG SIZE  sent: 31  rcvd: 106

$ dig @map4.dns.gxn.net thebrit.co.uk a

; <<>> DiG 8.2 <<>> @map4.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      thebrit.co.uk, type = A, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; Total query time: 75 msec
;; FROM: homer.flextech.co.uk to SERVER: map4.dns.gxn.net  195.224.255.34
;; WHEN: Fri Nov 12 11:50:50 1999
;; MSG SIZE  sent: 31  rcvd: 106




$ dig @map1.dns.gxn.net thebrit.co.uk any

; <<>> DiG 8.2 <<>> @map1.dns.gxn.net thebrit.co.uk any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 3
;; QUERY SECTION:
;;      thebrit.co.uk, type = ANY, class = IN

;; ANSWER SECTION:
thebrit.co.uk.          5M IN MX        10 mx1.thebrit.co.uk.
thebrit.co.uk.          5M IN MX        10 mx2.thebrit.co.uk.
thebrit.co.uk.          5M IN MX        20 mx3.thebrit.co.uk.
thebrit.co.uk.          1D IN NS        map1.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map2.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map3.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map4.dns.gxn.net.
thebrit.co.uk.          1D IN SOA       map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
                                        1               ; serial
                                        46m40s          ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        5M )            ; minimum


;; AUTHORITY SECTION:
thebrit.co.uk.          1D IN NS        map1.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map2.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map3.dns.gxn.net.
thebrit.co.uk.          1D IN NS        map4.dns.gxn.net.

;; ADDITIONAL SECTION:
mx1.thebrit.co.uk.      5M IN A         195.147.246.220
mx2.thebrit.co.uk.      5M IN A         195.147.246.224
mx3.thebrit.co.uk.      5M IN A         195.147.248.200

;; Total query time: 28 msec
;; FROM: homer.flextech.co.uk to SERVER: map1.dns.gxn.net  195.224.255.22
;; WHEN: Fri Nov 12 11:53:38 1999
;; MSG SIZE  sent: 31  rcvd: 341





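The record type check discussed in the message above, as an added example: it is not part of the original post and is not BIND code. The struct rr layout, the verdict names and check_answer() are hypothetical; the sample record is constructed from the dig output shown in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* RR type codes (RFC 1035), named as in arpa/nameser.h. */
enum { T_A = 1, T_NS = 2, T_CNAME = 5, T_SOA = 6, T_ANY = 255 };

/* Hypothetical parsed answer-section record; not a BIND structure. */
struct rr { const char *owner; int type; const char *target; };

enum verdict { ANS_VALID, ANS_CNAME_ONLY, ANS_EMPTY, ANS_TYPE_MISMATCH };

/* Constructed sample: the answer section returned for "thebrit.co.uk IN A". */
static const struct rr sample_soa[] = { { "thebrit.co.uk", T_SOA, NULL } };

/*
 * Classify an answer section against the question (qname, qtype).
 * A record counts as an answer only if its owner is the current name in
 * the CNAME chain AND its type is qtype (or qtype is ANY).
 */
enum verdict check_answer(const char *qname, int qtype,
                          const struct rr *an, size_t n)
{
    const char *cur = qname;
    int cnames = 0, matched = 0, stray = 0;

    for (size_t i = 0; i < n; i++) {
        int owner_ok = strcasecmp(an[i].owner, cur) == 0;

        if (owner_ok && an[i].type == T_CNAME &&
            qtype != T_CNAME && qtype != T_ANY && an[i].target != NULL) {
            cur = an[i].target;   /* follow the alias */
            cnames++;
        } else if (owner_ok && (qtype == T_ANY || an[i].type == qtype)) {
            matched++;            /* genuinely answers the question */
        } else {
            stray++;              /* e.g. SOA returned for an A query */
        }
    }
    if (matched) return ANS_VALID;
    if (stray)   return ANS_TYPE_MISMATCH; /* log it; candidate for SERVFAIL */
    return cnames ? ANS_CNAME_ONLY : ANS_EMPTY;
}

int main(void)
{
    printf("verdict=%d\n", check_answer("thebrit.co.uk", T_A, sample_soa, 1));
    return 0;
}
```

With this classification, an SOA in the answer section of an A query is flagged instead of being accepted as a valid answer, while the same record still satisfies an ANY query.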

