[Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative
Thor Spruyt
thor.spruyt at telenet.be
Mon Apr 11 14:53:16 UTC 2011
Hi,
Last week I discovered an issue with recursor v3.2.
It appears to return a malformed answer to the client in case the data (incl. additional data) exceeds the 65536 maximum (2 bytes length field).
An example real-life lookup which has this issue as a result is MX of auinmeio.com.br
When asking one of the authoritative servers, dig yields (note ANSWER, ADDITIONAL and MSG SIZE):
[thor at tns125 named]$ dig -t MX auinmeio.com.br @ns1.auinmeio.com.br
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -t MX auinmeio.com.br @ns1.auinmeio.com.br
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25661
;; flags: qr aa rd; QUERY: 1, ANSWER: 1569, AUTHORITY: 6, ADDITIONAL: 1376
;; QUESTION SECTION:
;auinmeio.com.br. IN MX
<snip>
;; Query time: 765 msec
;; SERVER: 65.98.112.162#53(65.98.112.162)
;; WHEN: Mon Apr 11 16:16:25 2011
;; MSG SIZE rcvd: 65531
When asking powerdns v3.3, dig yields (note ANSWER, ADDITIONAL and MSG SIZE):
[thor at tns125 named]$ dig -t MX auinmeio.com.br @195.130.158.234
;; Truncated, retrying in TCP mode.
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -t MX auinmeio.com.br @195.130.158.234
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1569, AUTHORITY: 0, ADDITIONAL: 1569
;; QUESTION SECTION:
;auinmeio.com.br. IN MX
<snip>
;; Query time: 63 msec
;; SERVER: 195.130.158.234#53(195.130.158.234)
;; WHEN: Mon Apr 11 16:19:00 2011
;; MSG SIZE rcvd: 4427
>From a packet trace, I see that the UDP answer is correct with 20 MX answered in a truncated reponse.
The client then asks the same question via TCP:
Domain Name System (query)
[Response In: 8]
Length: 33
Transaction ID: 0x2648
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
And then powerdns answers with:
Domain Name System (response)
[Request In: 6]
[Time: 0.055456000 seconds]
Length: 4465
Transaction ID: 0x2648
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1569
Authority RRs: 0
Additional RRs: 1569
Queries
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Answers
auinmeio.com.br: type MX, class IN, preference 0, mx pm02-58.auinmeio.com.br
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Time to live: 1 minute, 25 seconds
Data length: 12
Preference: 0
Mail exchange: pm02-58.auinmeio.com.br
<snip>
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Time to live: 1 minute, 25 seconds
Data length: 12
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Domain Name System (query)
Length: 1889
Transaction ID: 0x6c35
Flags: 0x372d (Unknown operation)
0... .... .... .... = Response: Message is a query
.011 0... .... .... = Opcode: Unknown (6)
.... ..1. .... .... = Truncated: Message is truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 12345
Answer RRs: 49164
Authority RRs: 49164
Additional RRs: 15
Queries
<Root>: type Unknown (256), class Unknown (0)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0000)
<Unknown extended label>: type PTR, class Unknown (0)
Name: <Unknown extended label>
Type: PTR (Domain name pointer)
Class: Unknown (0x0000)
al96-01: type Unknown (49164), class Unknown (15)
Name: al96-01
Type: Unknown (49164)
Class: Unknown (0x000f)
<Root>: type Unknown (256), class Unknown (0)
Name: <Root>
Type: Unknown (256)
Class: Unknown (0x0000)
Did anybody encounter the same issue?
Is this a known bug? Any resolution or work-around?
Regards,
Thor.
More information about the Pdns-users
mailing list