A lack of fine-grained record type checking in response section processing.
Ted_Rule at flextech.co.uk
Ted_Rule at flextech.co.uk
Tue Nov 23 10:40:08 UTC 1999
Spotted a while ago... but not mentioned till now:
Nov 12 08:58:20 intranot (dnsserver): gethostby*.getanswer: asked for
"thebrit.co.uk IN A", got type "SOA"
Investigating further, we find:
$ dig thebrit.co.uk ns
; <<>> DiG 8.2 <<>> thebrit.co.uk ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;; thebrit.co.uk, type = NS, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 3h47m46s IN NS map1.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map2.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map3.dns.gxn.net.
thebrit.co.uk. 3h47m46s IN NS map4.dns.gxn.net.
;; ADDITIONAL SECTION:
map1.dns.gxn.net. 23h59m46s IN A 195.224.255.22
map2.dns.gxn.net. 23h59m46s IN A 195.224.255.26
map3.dns.gxn.net. 23h59m46s IN A 195.224.255.30
map4.dns.gxn.net. 23h59m46s IN A 195.224.255.34
;; Total query time: 7 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:15 1999
;; MSG SIZE sent: 31 rcvd: 182
$ dig thebrit.co.uk
; <<>> DiG 8.2 <<>> thebrit.co.uk
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net.
hostmaster.freenetname.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 32 msec
;; FROM: homer.flextech.co.uk to SERVER: default -- 195.188.171.98
;; WHEN: Fri Nov 12 10:40:37 1999
;; MSG SIZE sent: 31 rcvd: 106
It would appear that the DNS server on the 4 map servers are all incorrectly
responding with
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
RATHER than:
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
which would correspond to a proper DNS NOERROR/NODATA condition for the A record
in the "thebrit.co.uk" domain. As such, the DNS server appears to partially
violate standard
RFC2308 -ve responses.
========================================================================
Reviewing the bind-8.2.2 code, we find:
( in src/bin/named/ns_resp.c, we have:
.......
if (type == T_CNAME &&
qtype != T_CNAME && qtype != T_ANY) {
strcpy(aname, (char *)dp->d_data);
if (!ns_samedomain(aname, qp->q_domain))
externalcname = 1;
cname++;
lastwascname = 1;
} else {
validanswer = 1; <<< possible problem here.
lastwascname = 0;
}
.........
Whilst I'm not entirely sure of the best - or any fix to this - it seems that
"validanswer" is being asserted
even though when type != qtype, post-CNAME-loop-checks. Hence, named's recursive
resolver asserts validanswer
even if none of the answers in the answer section answer the exact question
which was asked. Whilst it could be argued that
named can't trap for everything, and the stub resolver ought to be able to
recover from the error, I can't help feeling
that named ought to at least log the error condition; ideally - I guess - it
would return SERVFAIL if none of the authoratitive servers
give an answer matching the question?
In this particular circumstance, the resultant lack of an A record is NOT
NCACHED - - that's far too many treble-negatives
for a Tuesday morning !! --- and hence a subsequent A record lookup returns yet
another authoritative SOA record.
)
$ dig @map1.dns.gxn.net thebrit.co.uk a
; <<>> DiG 8.2 <<>> @map1.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net. hostmaster.freenetname
.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 32 msec
;; FROM: homer.flextech.co.uk to SERVER: map1.dns.gxn.net 195.224.255.22
;; WHEN: Fri Nov 12 11:50:28 1999
;; MSG SIZE sent: 31 rcvd: 106
$ dig @map2.dns.gxn.net thebrit.co.uk a
; <<>> DiG 8.2 <<>> @map2.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net. hostmaster.freenetname
.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 122 msec
;; FROM: homer.flextech.co.uk to SERVER: map2.dns.gxn.net 195.224.255.26
;; WHEN: Fri Nov 12 11:50:38 1999
;; MSG SIZE sent: 31 rcvd: 106
$ dig @map3.dns.gxn.net thebrit.co.uk a
; <<>> DiG 8.2 <<>> @map3.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net. hostmaster.freenetname
.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 51 msec
;; FROM: homer.flextech.co.uk to SERVER: map3.dns.gxn.net 195.224.255.30
;; WHEN: Fri Nov 12 11:50:45 1999
;; MSG SIZE sent: 31 rcvd: 106
$ dig @map4.dns.gxn.net thebrit.co.uk a
; <<>> DiG 8.2 <<>> @map4.dns.gxn.net thebrit.co.uk a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; thebrit.co.uk, type = A, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net. hostmaster.freenetname
.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; Total query time: 75 msec
;; FROM: homer.flextech.co.uk to SERVER: map4.dns.gxn.net 195.224.255.34
;; WHEN: Fri Nov 12 11:50:50 1999
;; MSG SIZE sent: 31 rcvd: 106
$ dig @map1.dns.gxn.net thebrit.co.uk any
; <<>> DiG 8.2 <<>> @map1.dns.gxn.net thebrit.co.uk any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 3
;; QUERY SECTION:
;; thebrit.co.uk, type = ANY, class = IN
;; ANSWER SECTION:
thebrit.co.uk. 5M IN MX 10 mx1.thebrit.co.uk.
thebrit.co.uk. 5M IN MX 10 mx2.thebrit.co.uk.
thebrit.co.uk. 5M IN MX 20 mx3.thebrit.co.uk.
thebrit.co.uk. 1D IN NS map1.dns.gxn.net.
thebrit.co.uk. 1D IN NS map2.dns.gxn.net.
thebrit.co.uk. 1D IN NS map3.dns.gxn.net.
thebrit.co.uk. 1D IN NS map4.dns.gxn.net.
thebrit.co.uk. 1D IN SOA map1.dns.gxn.net.
hostmaster.freenetname.co.uk. (
1 ; serial
46m40s ; refresh
2H ; retry
1W ; expiry
5M ) ; minimum
;; AUTHORITY SECTION:
thebrit.co.uk. 1D IN NS map1.dns.gxn.net.
thebrit.co.uk. 1D IN NS map2.dns.gxn.net.
thebrit.co.uk. 1D IN NS map3.dns.gxn.net.
thebrit.co.uk. 1D IN NS map4.dns.gxn.net.
;; ADDITIONAL SECTION:
mx1.thebrit.co.uk. 5M IN A 195.147.246.220
mx2.thebrit.co.uk. 5M IN A 195.147.246.224
mx3.thebrit.co.uk. 5M IN A 195.147.248.200
;; Total query time: 28 msec
;; FROM: homer.flextech.co.uk to SERVER: map1.dns.gxn.net 195.224.255.22
;; WHEN: Fri Nov 12 11:53:38 1999
;; MSG SIZE sent: 31 rcvd: 341
*****************************************************************
This E-mail message, (including any attachments), is intended
only for the person or entity to which it is addressed,
and may contain confidential information.
If you are not the intended recipient, any review, retransmission,
disclosure, copying, modification or other use of this E-mail message
or attachments is strictly forbidden.
If you have received this E-mail message in error, please contact the
author and delete the message and any attachments from your computer.
You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the
views and opinions of FLEXTECH Television.
*****************************************************************
More information about the bind-workers
mailing list