[ldns-users] Broken code in ldns_pkt_query_new_frm_str

Michael J. Sheldon msheldon at godaddy.com
Mon May 13 16:36:07 UTC 2013

I would have less problem with this *if* it actually worked. But without a relevant serial # in the SOA record, this won't work anyway

Michael Sheldon
Dev-DNS Services
From: Matthijs Mekking
Sent: Monday, May 13, 2013 7:28 AM
To: Michael J. Sheldon
Cc: ldns-users at open.nlnetlabs.nl
Subject: Re: [ldns-users] Broken code in ldns_pkt_query_new_frm_str

Hi Michael,

That code was added to make drill perform a more useful IXFR query. When
doing 'drill -t IXFR ...', it did not add a SOA RR in the authority
section, and made bind9 return a FORMERR. Adding a default SOA RR will
at least make bind9 to figure out that the serial does not match and
will return an AXFR.

So it is a drill bugfix. I agree that it is unfortunate that this
changes the behavior for ldns_pkt_query_new_frm_str. It might be better
to restore the function and fix the bug different. This would require a
new function call that is an adaptation of ldns_resolver_query, adding a
parameter to define an authority RR.

Best regards,

On 05/10/2013 09:31 PM, Michael Sheldon wrote:
> Sometime fairly recently, code was added to the
> ldns_pkt_query_new_frm_str function to add an SOA record to the
> authority section if the query type is IXFR.
> Problem is, it's completely broken. This doesn't actually work unless
> the SOA serial value is correct for the relevant query. It also broke my
> systems, since I was adding a proper SOA to the authority myself, thus
> resulting in two SOA in the authority, and a resulting FORMERR from
> remote systems.
> Michael Sheldon
> Dev-DNS Services
> GoDaddy.com
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users

More information about the ldns-users mailing list