[Unbound-users] "outgoing tcp": connect failed due to link-local destinations (and other bogus addresses)

Jeroen Massar jeroen at massar.ch
Tue Sep 9 20:45:41 UTC 2014


[2701:0] error: outgoing tcp: connect: Invalid argument
[2701:0] debug: failed address fe80:: port 53
[2701:0] error: serviced_tcp_initiate: failed to send tcp query
[2701:0] error: outgoing tcp: connect: Invalid argument
[2701:0] debug: failed address fe80:: port 53
[2701:0] error: serviced_tcp_initiate: failed to send tcp query

Seems somebody put fe80:: as a AAAA for a NS record in public DNS.

Would be fun to see what happens when somebody enters:

$ORIGIN example.com.
	NS	ns1.example.com
ns1	AAAA	ff02::1

Or something similar, hence, please have a default option for filtering
out that kind of responses (for at least the outgoing connects by unbound.

And if there is such an option, should that not be a default?

(Browsers going to connect to local sites (RFC1918/link-local etc) is of
course a scary thing when it a remote site specifying some remotely
controlled DNS server specifying those local addresses, but that is a
browser issue).

Greets,
 Jeroen



More information about the Unbound-users mailing list