[Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info
Peter van Dijk
peter.van.dijk at netherlabs.nl
Sat Dec 28 20:57:25 UTC 2013
Hello Steinar,
On Dec 27, 2013, at 14:49 , sthaug at nethelp.no wrote:
> 0x0040: .......00 0800 0500 0456 6086 8e
>
> According to RFC 6975, Option code 5 of the OPT RR should be used to
> signal DAU (DNSSEC Algorithm Understood) - however, I doubt that this
> is really what PowerDNS recursor is trying to tell me here. It seems
> more likely that the inclusion of these additional 8 bytes in the
> query is a bug in PowerDNS recursor 3.5.3.
Our usage of option code 5 is for the expired EDNS PING draft. We recommend running with disable-edns-ping now (because of eBay).
eBay's name servers are severely broken -- various non-vanilla aspects of DNS will trigger NXDOMAINs from their name servers. This is a serious bug on their end and we have been working on getting them to fix it (without success, so far).
> Anybody else seen this?
>
> Full pcap files available on request.
No need to keep them around for us.
Thank you for your very extensive report, we highly appreciate it!
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20131228/7a33e2c9/attachment-0001.sig>
More information about the Pdns-users
mailing list