[Pdns-users] how PDNS must reply to malformed query
bert hubert
bert.hubert at netherlabs.nl
Fri Feb 2 14:55:35 UTC 2007
On Fri, Feb 02, 2007 at 02:43:08PM +0100, Joyce LAMBERT wrote:
> I would like to know and understand why PowerDNS don't reply to malformed
> query
Your query below is not malformed - PowerDNS mistakenly thinks so. But if it
truly were malformed, PowerDNS decides not to amplify the malformedness of
the internet, and drops the packet.
"Be strict in what you transmit and liberal in what you accept" has become a
security hazard.
So if PowerDNS encounters things it considers malformed, it silently ignores
the packet.
But as Stephane said, this is an issue in PowerDNS, where we take the 'ultra
safe' route of not supporting certain characters, which are however
allowable in DNS (if not in hostnames).
Bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-users
mailing list