[Pdns-users] PowerDNS Recursor: McAfee-related errors in your log files

bert hubert bert.hubert at netherlabs.nl
Wed Dec 8 14:20:04 UTC 2010 

McAfee responded within minutes, and they are on the case. Thanks for the
hint!

	Bert

On Wed, Dec 08, 2010 at 09:05:24AM -0500, Curtis Maurand wrote:
> You might try posting a message to the nanog list.
> 
> --Curtis
> 
> On 12/8/2010 7:43 AM, bert hubert wrote:
> >Dear PowerDNS Recursor users,
> >
> >If you have McAfee users among your client base, you may currently be seeing
> >errors like these in your log file:
> >
> >pdns_recursor[4024]: DNS parser error:
> >0.xx-xxxxxxxxx.xxxxxx.1xxx.xxxx.xxxx.xxx.x.xxxxxxxxxxxxxxxxxxxxxxxxxx.avqs.mcafee.com.,
> >Parsing record content: expected digits at position 9 in
> >'\# 45 0000000000000000000000000000000000000000000000000000000000000000000000000000093a8000000258'
> >
> >These errors are harmless to your general Recursor operations, but the
> >McAfee program generating these queries will be reporting timeouts to your
> >end-users.
> >
> >The root cause of this error is a protocol violation by the McAfee
> >nameserver software. We are attempting to contact McAfee so that they can
> >become aware of this error. In short, they are emitting answers in 'CLASS0'
> >instead of in 'CLASS IN'.
> >
> >This causes PowerDNS to log the scary errors reported above. Additionally,
> >it crashes many versions of 'dig'.
> >
> >We are attempting to contact McAfee. If you know anyone in a DNS position
> >there, please let me know.  In the meantime, if you want to get rid of this
> >error and you can recompile your PowerDNS Recursor, you can use:
> >
> >Index: dnsparser.cc
> >===================================================================
> >--- dnsparser.cc        (revision 1745)
> >+++ dnsparser.cc        (working copy)
> >@@ -246,6 +246,8 @@
> >        dr.d_ttl=ah.d_ttl;
> >        dr.d_type=ah.d_type;
> >        dr.d_class=ah.d_class;
> >+      if(dr.d_class == 0)
> >+        dr.d_class = 1;
> >
> >        dr.d_label=label;
> >        dr.d_clen=ah.d_clen;
> >
> >Kind regards,
> >
> >Bert Hubert
> >_______________________________________________
> >Pdns-users mailing list
> >Pdns-users at mailman.powerdns.com
> >http://mailman.powerdns.com/mailman/listinfo/pdns-users
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>

More information about the Pdns-users mailing list