[bind10-dev] MessageTooShort and SERVFAIL
Francis Dupont
fdupont at isc.org
Thu Nov 8 21:08:20 UTC 2012
> > On a request shorter than a DNS message header, Message::fromWire
> > raises the MessageTooShort exception which is translated (as it is
> > not a DNSProtocolError) into a SERVFAIL response. IMHO it should
> > be more a FORMERR (as bind 9 does)?
>
> Did you confirm the behavior by actually seeing the response in the
> wire, or is it based on code inspection?
=> code inspection (which is of course subject to code change).
BTW this applies to other "too short" errors, i.e., not only
the header one.
> And, in fact, whether it's SERVFAIL or FORMERR, it wouldn't even make
> sense to try sending any response if it doesn't even have a complete
> header.
=> this is true only for the header case but not for others.
IMHO the best is to add if they don't exist yet tests for too short
messages in both auth and resolver (and other tools parsing messages).
BTW it will be in the write the test first new policy (:-)!
Thanks
Francis Dupont <fdupont at isc.org>
PS: an example of offending code is in src/bin/auth/auth_srv.cc:
try {
// Parse the message.
message.fromWire(request_buffer);
} catch (const DNSProtocolError& error) {
LOG_DEBUG(auth_logger, DBG_AUTH_DETAIL, AUTH_PACKET_PROTOCOL_ERROR)
.arg(error.getRcode().toText()).arg(error.what());
makeErrorMessage(impl_->renderer_, message, buffer, error.getRcode());
impl_->resumeServer(server, message, stats_attrs, true);
return;
} catch (const Exception& ex) {
LOG_DEBUG(auth_logger, DBG_AUTH_DETAIL, AUTH_PACKET_PARSE_ERROR)
.arg(ex.what());
makeErrorMessage(impl_->renderer_, message, buffer, Rcode::SERVFAIL());
impl_->resumeServer(server, message, stats_attrs, true);
return;
} // other exceptions will be handled at a higher layer.
note that MessageTooShort derives from Exception, not from DNSProtocolError.
More information about the bind10-dev
mailing list