[ldns-users] Broken code in ldns_pkt_query_new_frm_str

Michael J. Sheldon msheldon at godaddy.com
Tue May 14 16:55:41 UTC 2013


Unless the serial of the SOA passed in the authority is a recognized previous version of the zone, you either get a full AXFR, or just the current SOA, depending on whether the serial passed is higher or lower than the current serial.

So the only way for the current implementation of ldns_pkt_query_new_frm_str to work with IXFR is to then edit the SOA in the packet to properly set the serial value.

IXFR is a unique query that doesn't match the simplicity of the others. It would be reasonable to me to have a dedicated function, something like ldns_pkt_query_new_ixfr with origin and serial as parameters.

Michael Sheldon
Dev-DNS Services
GoDaddy.com

________________________________________
From: Matthijs Mekking
Sent: Tuesday, May 14, 2013 2:53 AM
To: Michael J. Sheldon
Cc: ldns-users at open.nlnetlabs.nl
Subject: Re: [ldns-users] Broken code in ldns_pkt_query_new_frm_str

Well it works, at least for me (using it in one of our unit tests). Could
you say more about the behavior you see?

One way or the other, I am tempted to implement this in the way I
proposed earlier.

Best regards,
   Matthijs



On 05/13/2013 06:36 PM, Michael J. Sheldon wrote:
> I would have less problem with this *if* it actually worked. But without a relevant serial # in the SOA record, this won't work anyway.
>
> Michael Sheldon
> Dev-DNS Services
> GoDaddy.com
> ________________________________________
> From: Matthijs Mekking
> Sent: Monday, May 13, 2013 7:28 AM
> To: Michael J. Sheldon
> Cc: ldns-users at open.nlnetlabs.nl
> Subject: Re: [ldns-users] Broken code in ldns_pkt_query_new_frm_str
>
> Hi Michael,
>
> That code was added to make drill perform a more useful IXFR query. When
> doing 'drill -t IXFR ...', it did not add a SOA RR in the authority
> section, and made bind9 return a FORMERR. Adding a default SOA RR will
> at least make bind9 figure out that the serial does not match and
> will return an AXFR.
>
> So it is a drill bugfix. I agree that it is unfortunate that this
> changes the behavior for ldns_pkt_query_new_frm_str. It might be better
> to restore the function and fix the bug differently. This would require a
> new function call that is an adaptation of ldns_resolver_query, adding a
> parameter to define an authority RR.
>
> Best regards,
>     Matthijs
>
>
>
> On 05/10/2013 09:31 PM, Michael Sheldon wrote:
>> Sometime fairly recently, code was added to the
>> ldns_pkt_query_new_frm_str function to add an SOA record to the
>> authority section if the query type is IXFR.
>>
>> Problem is, it's completely broken. This doesn't actually work unless
>> the SOA serial value is correct for the relevant query. It also broke my
>> systems, since I was adding a proper SOA to the authority myself, thus
>> resulting in two SOA in the authority, and a resulting FORMERR from
>> remote systems.
>>
>>
>> Michael Sheldon
>> Dev-DNS Services
>> GoDaddy.com
>>
>>
>> _______________________________________________
>> ldns-users mailing list
>> ldns-users at open.nlnetlabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>>
>
>
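
The query shape this thread argues over, as an added example that is not part of the original messages and is not ldns code: a hand-rolled wire encoder taking origin and serial, which emits one question and exactly one SOA in the authority section. The name `build_ixfr_query`, the root-name MNAME/RNAME and the zeroed timers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { T_SOA = 6, T_IXFR = 251, C_IN = 1 };

static size_t put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2; }
static size_t put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); return 4; }

/* Encode a dotted name as length-prefixed labels; returns bytes written, 0 on error. */
static size_t put_name(uint8_t *p, size_t cap, const char *name) {
    size_t n = 0;
    while (*name) {
        size_t len = strcspn(name, ".");
        if (len == 0 || len > 63 || n + len + 2 > cap) return 0;
        p[n++] = (uint8_t)len;
        memcpy(p + n, name, len);
        n += len;
        name += len;
        if (*name == '.') name++;
    }
    p[n++] = 0; /* root label terminates the name */
    return n;
}

/* Hypothetical helper: IXFR query for `origin` with exactly one SOA in the
 * authority section carrying the caller's current `serial`. Returns the
 * message length, or 0 if the name is invalid or the buffer is too small. */
size_t build_ixfr_query(uint8_t *buf, size_t cap, uint16_t id, const char *origin, uint32_t serial) {
    uint8_t nm[255];
    size_t nl = put_name(nm, sizeof nm, origin), n = 0;
    if (nl == 0 || cap < 12 + (nl + 4) + (nl + 10 + 22)) return 0;
    n += put16(buf + n, id);
    n += put16(buf + n, 0); /* flags: standard query */
    n += put16(buf + n, 1); /* QDCOUNT */
    n += put16(buf + n, 0); /* ANCOUNT */
    n += put16(buf + n, 1); /* NSCOUNT: one SOA, never two */
    n += put16(buf + n, 0); /* ARCOUNT */
    memcpy(buf + n, nm, nl); n += nl;            /* question: origin IXFR IN */
    n += put16(buf + n, T_IXFR); n += put16(buf + n, C_IN);
    memcpy(buf + n, nm, nl); n += nl;            /* authority: origin SOA IN */
    n += put16(buf + n, T_SOA); n += put16(buf + n, C_IN);
    n += put32(buf + n, 0);                      /* TTL */
    n += put16(buf + n, 22);                     /* RDLENGTH: 2 root names + 5 * 4 */
    buf[n++] = 0; buf[n++] = 0;                  /* MNAME, RNAME: "." placeholders (assumption) */
    n += put32(buf + n, serial);                 /* the field the server compares */
    memset(buf + n, 0, 16); n += 16;             /* refresh, retry, expire, minimum */
    return n;
}
```

A caller that builds the message this way should not append its own SOA afterwards, since NSCOUNT is already 1.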



