Poisoned cache?
Felipe Gasper
felipe at felipegasper.com
Thu May 26 12:54:29 UTC 2022

Hello,
	I’m seeing libunbound query results differ depending on cache results for an improperly-configured domain. I’m wondering what options are available to mitigate this.
	The domain in question is “ryanjanzen.org”. The problem can be seen by comparing two libunbound invocations (via Perl DNS::Unbound):
-----------------
> perl -MNet::DNS::Packet -MDNS::Unbound -e'my $dns = DNS::Unbound->new(); print( (Net::DNS::Packet->decode( \$dns->resolve("ryanjanzen.org", "SOA")->answer_packet() )->answer())[0]->string() );'
ryanjanzen.org.	86400	IN	SOA	( dns.domainsatcost.ca. noc.domainsatcost.ca.
				2022052601	;serial
				10800		;refresh
				3600		;retry
				604800		;expire
				3600		;minimum
	)
-----------------
> perl -MNet::DNS::Packet -MDNS::Unbound -e'my $dns = DNS::Unbound->new(); $dns->resolve("ryanjanzen.org", "NS"); print( (Net::DNS::Packet->decode( \$dns->resolve("ryanjanzen.org", "SOA")->answer_packet() )->answer())[0]->string() );'
ryanjanzen.org.	86400	IN	SOA	( ns1.a2hosting.com. root.mi3-ss55.a2hosting.com.
				2022052608	;serial
				3600		;refresh
				1800		;retry
				1209600		;expire
				86400		;minimum
	)
-----------------
	Both request ryanjanzen.org/SOA, but the 2nd first requests ryanjanzen.org/NS. Unbound’s cache of the NS query result affects its response to the SOA query.
	The zone in question is misconfigured (https://www.buddyns.com/delegation-lab/ryanjanzen.org), but is there some way to configure Unbound so that that misconfiguration won’t cause the caching to affect the SOA query result?
	Thank you!
cheers,
-Felipe
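
Added example (not part of the original message, and not Unbound's code): a toy Python model of one mechanism that produces the cold-cache versus warm-cache difference shown above, using the RFC 2181 section 5.4.1 credibility ranking. It assumes the parent-side delegation and the zone's own NS RRset name different operators (the message says only that the zone is misconfigured); the server names are hypothetical and the SOA MNAME values are the ones in the two outputs.

```python
from enum import IntEnum

class Trust(IntEnum):
    """RFC 2181 section 5.4.1 ranking, reduced to the two levels that matter here."""
    REFERRAL = 1      # NS set from the authority section of the parent's referral
    AUTH_ANSWER = 2   # NS set from the answer section of an authoritative reply

# Constructed data. ASSUMPTION: the parent delegates to one operator while the
# NS RRset served inside the zone names another. Server names are hypothetical.
PARENT_NS = frozenset({"ns.registrar.example."})
CHILD_NS = frozenset({"ns.host.example."})
# SOA MNAME each operator's copy of the zone carries (values from the two outputs).
SOA_MNAME = {"ns.registrar.example.": "dns.domainsatcost.ca.",
             "ns.host.example.": "ns1.a2hosting.com."}

class ToyResolver:
    def __init__(self):
        self.ns_cache = {}  # zone -> (Trust, frozenset of server names)

    def _store(self, zone, servers, trust):
        cached = self.ns_cache.get(zone)
        if cached is None or trust > cached[0]:  # better-ranked data replaces worse
            self.ns_cache[zone] = (trust, servers)

    def _pick_server(self, zone):
        if zone not in self.ns_cache:  # cold cache: follow the parent's referral
            self._store(zone, PARENT_NS, Trust.REFERRAL)
        return min(self.ns_cache[zone][1])

    def resolve(self, zone, qtype):
        server = self._pick_server(zone)
        if qtype == "NS":   # authoritative answer: cache it over the referral
            self._store(zone, CHILD_NS, Trust.AUTH_ANSWER)
            return sorted(CHILD_NS)
        if qtype == "SOA":  # answered by whichever server set the cache now holds
            return SOA_MNAME[server]
        raise ValueError(f"unsupported qtype {qtype}")

def delegation_mismatch(parent_ns, child_ns):
    """Names present on only one side; empty sets mean the delegation is consistent."""
    return {"parent_only": parent_ns - child_ns, "child_only": child_ns - parent_ns}

def soa_cold_and_warm(zone="ryanjanzen.org."):
    """SOA MNAME seen with a cold cache, then after an NS lookup warmed the cache."""
    cold = ToyResolver().resolve(zone, "SOA")
    warm_resolver = ToyResolver()
    warm_resolver.resolve(zone, "NS")
    return cold, warm_resolver.resolve(zone, "SOA")

if __name__ == "__main__":
    print(soa_cold_and_warm())
    print(delegation_mismatch(PARENT_NS, CHILD_NS))
```

When `delegation_mismatch` returns two empty sets, the cached NS set is the same on both paths and the SOA answer in this model no longer depends on query order.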
    
    