[ldns-users] pyLDNS Problems

Willem Toorop willem at NLnetLabs.nl
Mon Sep 19 13:22:04 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul and Chris,

I found the culprit!

ldns_resolver_send_pkt in resolver.c first tries normal UDP
transmission. Then it tries UDP transmission with edns0 size 4096.
When fragments are dropped (which was the case with you) a network error
is returned and ldns_resolver_send_pkt then continues trying TCP.
However, because of the network error, the non responsive nameservers in
the resolver (in your case 76.10.157.65) is marked unreachable by
ldns_send. As a result the ldns_resolver has no reachable nameservers
any more and doesn't even try to send a query out.

The reachability of nameservers is in the round trip time information
(_rtt field) of an ldns_resolver struct.
A round trip time of LDNS_RESOLV_RTT_INF means unreachable.

I have fixed the issue by preserving the round trip time information
when edns0 with size 4096 is tried. The fix is in revision r3551 and
will be in the 1.6.11 release.

Thanks for you bug report!

Willem

On 19-09-11 12:31, Willem Toorop wrote:
> On 18-09-11 21:13, Paul Wouters wrote:
>> Does it work 3 times? The test first checks google.com, then xelerance.com,
>> then google.com again. The last two fail. This might be related to EDNS
>> and/or
>> UDP fragments gone missing.
> 
> Paul, Chris, I can finally reproduce the error. Even on my own Ubuntu
> box when I drop fragments from the PREROUTING table with:
> 
> iptables -t mangle -A PREROUTING -f -j DROP
> 
> Hopefully I can follow up with a fix now soon.
> 
> Regards, Willem
_______________________________________________
ldns-users mailing list
ldns-users at open.nlnetlabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/ldns-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOd0H8AAoJEOX4+CEvd6SYyh0P/jbfrxZ2rwcZamefCSH5+co3
K1E5PBro7PvQqb48JPUvoDb/Ezfq6/K4dJQGp8C8E8GdJqnx2l7oTsY/ymt44vLB
0hRij7XLKb/O6IsWMN2XX/T5hJC7mTexfCKONkR4IaFrV259YkWCMiZROgZqV6I/
LbNQ/LQYL8J9kCzj49y3F0tcZ8Hd5dYhdsDQ2vIN6MJij/piudRdpop4DpEsd43t
FSzRV5CHft2XfHdpQQVjf3ji1CrNrB9Gm7NFcfOxQu5AryA9xymk63fsQ8n+LOE1
IfK2XXUloyQU6E6S6muBB88rTQpuRCawXXDMQKrNST/UA6L62fJb6Yq5BnNA0nXQ
+MBQCSiL3WO8D7fOID+CvW10BHLqikteVxEMNpVTgyezUBn2JvsOXu9h11lfbPgC
Xfhh2diQtTkJ3IT08WVYcB6iL4BaFwopwITj1VH1GIhi86H9gvU8k34fzn6KvGTj
e8ACGv1MCyTyPjiCyU0gxe1y08ZTpd2FIcRTVhQH1ggJabGryEAEBvRUIMSC8AUk
8+scvAy89N7trisvT16vR+b7oxE8uGd738IQY+mqMHBon5peyt0XutElsZ6g4ETC
/QPchtykUfxOV2VBolIP60kYPNGSgT2AQvIRbHwTpebDmOrGlwzuyqfShBzTFQBo
TwY1ozS9yqZsH9byIZ1F
=zk3d
-----END PGP SIGNATURE-----



More information about the ldns-users mailing list