[Pdns-dev] Recursor iterating over AXFR queries

Alexander Gall gall at switch.ch
Tue May 18 11:00:07 CEST 2010


It appears that the PowerDNS recursor treats AXFR queries received
over UDP with the RD flag set like any other query, i.e. it sends
iterative queries with qtype AXFR to authoritative servers of parent
zones of the qname.  Most likely, this affects all versions of the
recursor including 3.2.

Note that AXFR queries sent over TCP are handled correctly, i.e. this
bug can't be triggered, for example, with dig, because it never uses
UDP to send such a query.  A simple way to reproduce the effect is to
generate the query with the Net::DNS::Resolver Perl module

use Net::DNS;
my $target = '127.0.0.1';   # address of the recursor under test

my $res = Net::DNS::Resolver->new() or die;
$res->nameservers($target);
$res->recurse(1);           # set the RD flag on the outgoing query
# query() uses UDP by default; this UDP AXFR is what the recursor iterates
$res->query('somedomain.example.', 'AXFR');

and check the upstream queries generated by it with tcpdump on the
recursor.

This can actually be seen in the wild.  We're operating the
authoritative servers for the ch ccTLD and started to see lots of
these AXFR requests last week coming from about 60 different IP
addresses.  It turned out that basically all of these hosts are
running some version of PowerDNS (identified through "version.bind")
and are configured to be both authoritative for some second-level ch
domain and an open recursor (i.e. accepting recursive queries
from everywhere).

My hypothesis is that somebody is going through a list of ch domains
and trying to perform zone transfers from the corresponding
authoritative servers.  The tool used for this has a bug that
generates UDP queries rather than TCP, which causes the servers with
this particular configuration to relay these queries to the TLD
servers.

I'm not a PowerDNS user and only subscribed to the list to report this
issue.  I would be grateful if somebody could turn this into a proper
bug report.

Regards,
Alex

-- 
SWITCH
Serving Swiss Universities
--------------------------
Alexander Gall, Network Engineer
P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 22, fax +41 44 268 15 68
alexander.gall at switch.ch, http://www.switch.ch
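The check a recursor front-end would want for the case described above, as an added example that is not from the post or from PowerDNS: a small wire-format parser in Python that flags an AXFR arriving over UDP (RFC 5936 only defines AXFR over TCP) or carrying the RD bit, which is the combination the mail reports being iterated towards the TLD servers. The query builder only constructs sample input shaped like what Net::DNS emits; the function and constant names are mine.

```python
import struct

QTYPE_AXFR = 252      # RFC 5936: AXFR is only defined over TCP
FLAG_RD = 0x0100      # "recursion desired" bit in the DNS header flags


def parse_question(msg):
    """Return (flags, qname, qtype, qclass) of a wire-format DNS message.

    Only the header and the first question are decoded; truncation or a
    compression pointer in the question name raises ValueError.
    """
    if len(msg) < 12:
        raise ValueError("truncated header")
    _qid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated qname")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("bad label in question name")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return flags, ".".join(labels) + ".", qtype, qclass


def should_refuse_axfr(msg, transport):
    """True when the query is an AXFR a recursor must not act on: one that
    arrived over UDP, or one carrying RD.  Answering REFUSED at this point
    is what stops the transfer request being iterated to the parent zone."""
    flags, _qname, qtype, _qclass = parse_question(msg)
    if qtype != QTYPE_AXFR:
        return False
    return transport == "udp" or bool(flags & FLAG_RD)


def build_query(qname, qtype, rd=True, qid=0x1234):
    """Constructed sample input: a one-question query like Net::DNS emits."""
    header = struct.pack("!6H", qid, FLAG_RD if rd else 0, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)
```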
