[Pdns-users] servfail-packets>0 but no data in servfail-queries ring buffer

Martin Kellermann kellermann at sk-datentechnik.com
Thu Apr 16 19:22:21 UTC 2020


Hi Remi,

>At a quick glance the only place in the code where we increase the 'servfail-packets' counter but do not add the offending query to the 'servfail-queries' ring-buffer is when we receive a query for a DNS name that has an 8-bit byte in it and '8bit-dns' [1] is not set >(which is the default), so I assume that's what you are experiencing.
Thank you. That could explain my experience...

I just took a look at the sources and found in packethandler.cc at line 1190+ the code you are referring to:

    // XXX FIXME do this in DNSPacket::parse ?

    if(!validDNSName(p.qdomain)) {
      if(d_logDNSDetails)
        g_log<<Logger::Error<<"Received a malformed qdomain from "<<p.getRemote()<<", '"<<p.qdomain<<"': sending servfail"<<endl;
      S.inc("corrupt-packets");
      S.ringAccount("remotes-corrupt", p.d_remote);
      S.inc("servfail-packets");
      r->setRcode(RCode::ServFail);
      return r;
    }

>Note that in that case we also increase the 'corrupt-packets' counter and place the offending query into the 'remotes-corrupt' ring-buffer, 
I'm afraid, this is not the case. In "remotes-corrupt" ring-buffer, i can only find the IP address and a "value" (in my case range from 1 to 3) which i don't understand...

>so you might be able to figure out what query caused this. Be aware however that there are other cases where we increase >'corrupt-packets' and insert into 'remotes-corrupt', like a QR or TC bit set in a query, or a query that we simply could not parse.
Thanks.

I turned on 8-bit-dns and will see, what happens...

Regards

MK



More information about the Pdns-users mailing list