[Unbound-users] Again: use-caps-for-id trouble
A. Schulze
sca at andreasschulze.de
Fri Oct 10 13:44:59 UTC 2014
A. Schulze:
> Last week I had an issue with a domain I could analyse in detail.
> The external customer run a Debian Squeeze + bind 9.7.3 for his
> domain and rDNS
>
> The rDNS was broken because we sent queries for *.In.ADr.ArpA.
>
> The Debian servers was "protected" by a Cisco firewall.
> This device had a "content inspection" for DNS enabled which broke
> his bind9 answers.
>
> Unfortunately the latest 0x20 patches for unbound-1.4.22 did not catch that.
>
> @Wouter, if you'r interested I could setup a test environment...
today we hit a powerdns server responding in a unexpected manner:
$ dig @ns1.ipandmore.de MAIL1.IPANDMORE.DE +norecurse +noall +answer
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns1.ipandmore.de
MAIL1.IPANDMORE.DE +norecurse +noall +answer
; (1 server found)
;; global options: +cmd
MAIL1.IPANDMORE.DE. 14400 IN A 213.252.2.157
-> OK
$ dig @ns1.ipandmore.de 157.2.252.213.in-addr.arpa. PTR +norecurse
+noall +answer
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns1.ipandmore.de
157.2.252.213.in-addr.arpa. PTR +norecurse +noall +answer
; (1 server found)
;; global options: +cmd
157.2.252.213.in-addr.arpa. 900 IN PTR mail1.ipandmore.de.
-> OK
BUT:
$ dig @ns1.ipandmore.de 157.2.252.213.IN-ADDR.ARPA. PTR +norecurse
+noall +answer
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns1.ipandmore.de
157.2.252.213.IN-ADDR.ARPA. PTR +norecurse +noall +answer
; (1 server found)
;; global options: +cmd
157.2.252.213.in-addr.arpa. 900 IN PTR mail1.ipandmore.de.
-> OK?, notice the lowercase "in-addr.arpa." in the answer.
We had a similar issue in June:
http://unbound.net/pipermail/unbound-users/2014-June/003377.html
Wouter wrote a patch I'm using here to handle the situation where DNS
servers don't answer
to uppercase queries at all. But that mechanism fail here because
there is no timeout.
I run 1.4.22 with the attached patch.
Ideas / Updates?
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix4caps.patch
Type: text/x-diff
Size: 17034 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20141010/1c761b3f/attachment.bin>
More information about the Unbound-users
mailing list