[dnsdist] dnsdist timeout with unknown opcode query

Remi Gacogne remi.gacogne at powerdns.com
Wed Sep 23 14:56:05 UTC 2020


Hi Arnaud,

On 9/23/20 4:03 PM, Arnaud Gavara via dnsdist wrote:
> While doing tests on dnsdist (v1.5.0) I noticed a strange (wrong?) behavior.
> 
> If I request dnsdist with an intentionally unknown opcode, I get a timeout:
> (dig with +noedns +noad +opcode=15 +norec +header-only)
> ;; connection timed out; no servers could be reached
> 
> If I make the same request directly to the backend server of dnsdist, then I get a correct answer:
> ;; ->>HEADER<<- opcode: RESERVED15, status: NOTIMP, id: 31326
> 
> Note that the drop counter is not incremented when I do this test.
> Bug or bad configuration?

+header-only instructs dig to send a query without a question section
(qdcount is 0), and dnsdist doesn't support that. The query is deemed
invalid and discarded before any counter can be incremented.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
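
The following is an added example, not part of the original message and not PowerDNS code: a Python sketch that builds the 12-byte DNS header for the two variants of the test (unknown opcode with and without a question section) and reports qdcount, so the opcode and the missing question can be told apart when reading a capture. The function names, the sample name `example.com` and the packets are constructed for illustration.

```python
import struct

# DNS header (RFC 1035, 4.1.1): ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")


def build_query(qid, opcode, qname=None, qtype=1, rd=False):
    """Build a query. qname=None gives a header-only packet (qdcount 0)."""
    flags = (opcode & 0xF) << 11          # opcode occupies bits 11..14
    if rd:
        flags |= 0x0100                   # recursion desired
    packet = HEADER.pack(qid, flags, 0 if qname is None else 1, 0, 0, 0)
    if qname is not None:
        for label in filter(None, qname.split(".")):
            raw = label.encode("ascii")
            packet += bytes([len(raw)]) + raw
        packet += b"\x00" + struct.pack("!HH", qtype, 1)  # root, QTYPE, IN
    return packet


def inspect(packet):
    """Decode the header and say whether a question section is present."""
    if len(packet) < HEADER.size:
        return {"verdict": "truncated header"}
    qid, flags, qdcount, _an, _ns, _ar = HEADER.unpack_from(packet)
    info = {
        "id": qid,
        "qr": flags >> 15,
        "opcode": (flags >> 11) & 0xF,
        "rd": bool(flags & 0x0100),
        "qdcount": qdcount,
    }
    if info["qr"]:
        info["verdict"] = "response"
    elif qdcount == 0:
        info["verdict"] = "no question section"
    elif len(packet) == HEADER.size:
        info["verdict"] = "qdcount set but question missing"
    else:
        info["verdict"] = "has question"
    return info


if __name__ == "__main__":
    # Constructed samples: same opcode 15, with and without a question.
    for pkt in (build_query(31326, 15), build_query(31326, 15, "example.com")):
        print(pkt.hex(), inspect(pkt))
```
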
