Ian Cohee ian.cohee at secure64.com
Thu Nov 19 20:47:39 UTC 2015

Hello all,

One of our engineers discovered some interesting behavior while testing
bad EDNS RRs in Unbound. He discovered that Unbound properly checks and
identifies a truncated OPT RR as a FORMERR, but then returns the
truncated OPT RR, resulting in a malformed response to a malformed
request. I have attached a PCAP file that should contain the malformed

Has anyone observed this behavior, and if so, had issues from it?

I'd also like to hear some opinions about this behavior.


Ian Cohee | Software Engineer
Secure64 Software Corporation
ian.cohee at secure64.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Unbound-EDNS
Type: application/octet-stream
Size: 1734 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20151119/40217158/attachment.obj>

More information about the Unbound-users mailing list