[Unbound-users] "outgoing tcp": connect failed due to link-local destinations (and other bogus addresses)
Jeroen Massar jeroen at massar.ch
Tue Sep  9 20:45:41 UTC 2014

[2701:0] error: outgoing tcp: connect: Invalid argument
[2701:0] debug: failed address fe80:: port 53
[2701:0] error: serviced_tcp_initiate: failed to send tcp query
[2701:0] error: outgoing tcp: connect: Invalid argument
[2701:0] debug: failed address fe80:: port 53
[2701:0] error: serviced_tcp_initiate: failed to send tcp query

Seems somebody put fe80:: as an AAAA for an NS record in public DNS.

Would be fun to see what happens when somebody enters:

$ORIGIN example.com.
	NS	ns1.example.com.
ns1	AAAA	ff02::1

Or something similar, hence, please have a default option for filtering
out that kind of response (for at least the outgoing connects by unbound).
And if there is such an option, should that not be a default?

(Browsers going to connect to local sites (RFC1918/link-local etc) is of
course a scary thing when it is a remote site specifying some remotely
controlled DNS server specifying those local addresses, but that is a
browser issue).

Greets,
 Jeroen
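
Added example (not part of the original post and not Unbound's code): one way a resolver could screen an address taken from a DNS answer before connecting to it as a nameserver, rejecting the unspecified, loopback, link-local and multicast ranges the post runs into. The function and enum names are hypothetical, and the sample addresses other than fe80:: and ff02::1 are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names. RFC1918 space is deliberately not rejected (assumption:
 * an internal resolver may legitimately query private upstream servers). */
enum ns_verdict { NS_OK, NS_UNPARSABLE, NS_UNSPECIFIED, NS_LOOPBACK,
                  NS_LINKLOCAL, NS_MULTICAST };

static enum ns_verdict classify_v4(uint32_t a) /* a is in host byte order */
{
    if ((a >> 24) == 0)      return NS_UNSPECIFIED; /* 0.0.0.0/8 */
    if ((a >> 24) == 127)    return NS_LOOPBACK;    /* 127.0.0.0/8 */
    if ((a >> 16) == 0xA9FE) return NS_LINKLOCAL;   /* 169.254.0.0/16 */
    if ((a >> 28) == 0xE || a == 0xFFFFFFFFu) return NS_MULTICAST; /* 224/4, broadcast */
    return NS_OK;
}

/* Classify the textual address from an A/AAAA record of a nameserver. */
enum ns_verdict classify_ns_addr(const char *text)
{
    static const uint8_t zero[15] = {0};
    struct in6_addr a6;
    struct in_addr a4;
    uint32_t v4;
    if (inet_pton(AF_INET, text, &a4) == 1) return classify_v4(ntohl(a4.s_addr));
    if (inet_pton(AF_INET6, text, &a6) != 1) return NS_UNPARSABLE;
    const uint8_t *b = a6.s6_addr;
    if (b[0] == 0xff) return NS_MULTICAST;                          /* ff00::/8 */
    if (b[0] == 0xfe && (b[1] & 0xc0) == 0x80) return NS_LINKLOCAL; /* fe80::/10 */
    if (memcmp(b, zero, 10) == 0 && b[10] == 0xff && b[11] == 0xff) {
        memcpy(&v4, b + 12, 4);          /* ::ffff:a.b.c.d, judge the IPv4 part */
        return classify_v4(ntohl(v4));
    }
    if (memcmp(b, zero, 15) == 0 && b[15] <= 1) return b[15] ? NS_LOOPBACK : NS_UNSPECIFIED;
    return NS_OK;
}

int main(void)
{
    /* Constructed sample input; fe80:: and ff02::1 are the addresses from the post. */
    const char *samples[] = { "fe80::", "ff02::1", "::1", "::ffff:169.254.1.1",
                              "2001:db8::53", "192.0.2.53" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s %s\n", samples[i], classify_ns_addr(samples[i]) == NS_OK ? "query" : "skip");
    return 0;
}
```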
    
    