[Pdns-users] servfail-packets>0 but no data in servfail-queries ring buffer
Martin Kellermann
kellermann at sk-datentechnik.com
Thu Apr 16 19:22:21 UTC 2020
Hi Remi,
>At a quick glance the only place in the code where we increase the 'servfail-packets' counter but do not add the offending query to the 'servfail-queries' ring-buffer is when we receive a query for a DNS name that has an 8-bit byte in it and '8bit-dns' [1] is not set >(which is the default), so I assume that's what you are experiencing.
Thank you. That could explain my experience...
I just took a look at the sources and found in packethandler.cc at line 1190+ the code you are referring to:
// XXX FIXME do this in DNSPacket::parse ?
if(!validDNSName(p.qdomain)) {
if(d_logDNSDetails)
g_log<<Logger::Error<<"Received a malformed qdomain from "<<p.getRemote()<<", '"<<p.qdomain<<"': sending servfail"<<endl;
S.inc("corrupt-packets");
S.ringAccount("remotes-corrupt", p.d_remote);
S.inc("servfail-packets");
r->setRcode(RCode::ServFail);
return r;
}
>Note that in that case we also increase the 'corrupt-packets' counter and place the offending query into the 'remotes-corrupt' ring-buffer,
I'm afraid, this is not the case. In "remotes-corrupt" ring-buffer, i can only find the IP address and a "value" (in my case range from 1 to 3) which i don't understand...
>so you might be able to figure out what query caused this. Be aware however that there are other cases where we increase >'corrupt-packets' and insert into 'remotes-corrupt', like a QR or TC bit set in a query, or a query that we simply could not parse.
Thanks.
I turned on 8-bit-dns and will see, what happens...
Regards
MK
More information about the Pdns-users
mailing list