Strange response to mangled requests

[Wouter Wijngaards]

Hi Stephane,

Unbound echoes the request.  But it really sets RCODE=FORMERR on the
reply.  Also it sets the QR flag on the reply (as usual).  And this is
visible in the hex dump you have.  (the 4th byte moves from '00'
(NOERROR) to '01' (FORMERR)).

What BIND did was remove the 'bad' question section that it could not
parse in the reply.  Unbound could do that too, but today, it copies it
to the reply.  It is a matter of preference I think, because if you sent
it I can reply with that, I think that could be clearer, although you
can also make a case that removal of the bad material is somehow good,
probably depends on the 'use case' of formerr inputs, but I do not know
of any.

Best regards, Wouter

On 02/04/2020 15:29, Stephane Bortzmeyer via Unbound-users wrote:
> Testing robustness of servers, I see that Unbound reacts in a way I
> don't approve when the incoming request is malformed. Instead of
> replying with FORMERR, it echoes the invalid request.
> 
> The attached Python script shows this behavior. With Unbound 1.10.0, I
> get:
> 
> % ./test_pub_resolv-trunc_data.py 127.0.0.1 9053
> data sent: b'\xee\xd0\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
>       hex: ee d0 01 00 00 01 00 00 00 00 00 00 04 63 75
>       bin: 11101110 11010000 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101
> 
> data recv: b'\xee\xd0\x81\x01\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
>       hex: ee d0 81 01 00 01 00 00 00 00 00 00 04 63 75
>       bin: 11101110 11010000 10000001 00000001 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101
> 
> Traceback (most recent call last):
>   File "./test_pub_resolv-trunc_data.py", line 51, in <module>
>     resp = dns.message.from_wire(r_data)
>   File "/usr/lib/python3/dist-packages/dns/message.py", line 823, in from_wire
>     reader.read()
>   File "/usr/lib/python3/dist-packages/dns/message.py", line 746, in read
>     self._get_question(qcount)
>   File "/usr/lib/python3/dist-packages/dns/message.py", line 621, in _get_question
>     (qname, used) = dns.name.from_wire(self.wire, self.current)
>   File "/usr/lib/python3/dist-packages/dns/name.py", line 975, in from_wire
>     labels.append(message[current: current + count].unwrap())
>   File "/usr/lib/python3/dist-packages/dns/wiredata.py", line 71, in __getitem__
>     raise dns.exception.FormError
> dns.exception.FormError: DNS message is malformed.
> 
> While I was expecting (this is with BIND):
> 
> % ./test_pub_resolv-trunc_data.py 127.0.0.1     
> data sent: b'\xfc\xca\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04cu'
>       hex: fc ca 01 00 00 01 00 00 00 00 00 00 04 63 75
>       bin: 11111100 11001010 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000100 01100011 01110101
> 
> data recv: b'\xfc\xca\x81\x01\x00\x00\x00\x00\x00\x00\x00\x00'
>       hex: fc ca 81 01 00 00 00 00 00 00 00 00
>       bin: 11111100 11001010 10000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 
> id 64714
> opcode QUERY
> rcode FORMERR
> flags QR RD
> ;QUESTION
> ;ANSWER
> ;AUTHORITY
> ;ADDITIONAL
>