[Pdns-users] PowerDNS Recursor: McAfee-related errors in your log files

[bert hubert]

Dear PowerDNS Recursor users,

If you have McAfee users among your client base, you may currently be seeing
errors like these in your log file:

pdns_recursor[4024]: DNS parser error: 
0.xx-xxxxxxxxx.xxxxxx.1xxx.xxxx.xxxx.xxx.x.xxxxxxxxxxxxxxxxxxxxxxxxxx.avqs.mcafee.com., 
Parsing record content: expected digits at position 9 in 
'\# 45 0000000000000000000000000000000000000000000000000000000000000000000000000000093a8000000258'

These errors are harmless to your general Recursor operations, but the
McAfee program generating these queries will be reporting timeouts to your
end-users.

The root cause of this error is a protocol violation by the McAfee
nameserver software. We are attempting to contact McAfee so that they can
become aware of this error. In short, they are emitting answers in 'CLASS0'
instead of in 'CLASS IN'. 

This causes PowerDNS to log the scary errors reported above. Additionally,
it crashes many versions of 'dig'. 

We are attempting to contact McAfee. If you know anyone in a DNS position
there, please let me know.  In the meantime, if you want to get rid of this
error and you can recompile your PowerDNS Recursor, you can use:

Index: dnsparser.cc
===================================================================
--- dnsparser.cc        (revision 1745)
+++ dnsparser.cc        (working copy)
@@ -246,6 +246,8 @@
       dr.d_ttl=ah.d_ttl;
       dr.d_type=ah.d_type;
       dr.d_class=ah.d_class;
+      if(dr.d_class == 0)
+        dr.d_class = 1;
       
       dr.d_label=label;
       dr.d_clen=ah.d_clen;

Kind regards,

Bert Hubert