[Unbound-users] reddit.com issue

John Peacock jpeacock at messagesystems.com
Mon Aug 25 13:45:07 UTC 2014


On Mon, 2014-08-25 at 08:24 -0500, Dave Duchscher wrote:
> Cloudflare's response:
> 
> > Hey there,
> > 
> > Because the DNS query "http://reddit.com" is technically not valid (since DNS queries should not contain the protocol URI), CloudFlare's DNS servers will not respond to them.

That is what I would have predicted their response would have been.  A
broken client is making illegal DNS queries; that is the root cause of
the difficulty.  The fact that unbound itself doesn't return an error
for these illegal queries is only making matters worse.  Neither ':' nor
'/' are legal DNS hostname characters (see RFC-1035 and onwards), so it
should be the resolver library (i.e. unbound) that should be validating
the query before sending it on, IMNSHO.  The fact that reddit.com has an
unfriendly behavior WRT illegal queries doesn't mean it is their fault;
there is no requirement to return NXDOMAIN or SERVFAIL or anything at
all, so they chose to drop the query.

John

-- 
JOHN PEACOCK
senior software build and release engineer
www.messagesystems.com
twitter @MessageSystems

tel 410-872-4910 x239
email john.peacock at messagesystems.com


More information about the Unbound-users mailing list