copying the question section

Paul Vixie paul at vix.com
Sun Aug 4 02:05:59 UTC 2002


> I beg to differ.  All versions of BIND 9 treats an empty question
> section in a response as an error - see the following code in
> same_question() in lib/dns/resolver.c:
> 
>         if (message->counts[DNS_SECTION_QUESTION] != 1)
>                 return (DNS_R_FORMERR);

I see that this is correct according to [RFC1035 7.3].  When I tried to
implement this in 4.9.* or so, I got endless complaints about it.

| The next step is to match the response to a current resolver request.
| The recommended strategy is to do a preliminary matching using the ID
| field in the domain header, and then to verify that the question section
| corresponds to the information currently desired. [...]

> > some non-bind servers have been sending back empty question sections
> > for years now and it's been seen to cause no trouble.
> 
> Which ones would that be?  If such servers were actually deployed, I
> would expect BIND 9 users to have reported it.

I never tracked down who the bad dogs were, I just removed the requirement.
However, if BIND9 hasn't gotten complaints about it, then times have changed,
and we can forget about the whole thing.  One note... let's not implement
[RFC1035 7.3] in its entirety:

|   - Some name servers send their responses from different
|     addresses than the one used to receive the query.  That is, a
|     resolver cannot rely that a response will come from the same
|     address which it sent the corresponding query to.  This name
|     server bug is typically encountered in UNIX systems.

libresolv, libbind, and bind8 have required that the response source be the
same as the query destination since about the BIND KJB/4.9 era, and there's
no reason to relax now.  (SunOS 4.1.3 was the culprit, and is long dead.)


More information about the bind-workers mailing list