Description
When the nsd auth server receives a query with TSIG and OPT RRs, and the TSIG RR is not the last record in the additional section, the server returns a response with RCODE 9 (NOTAUTH) or RCODE 0 (with much information) instead of RCODE 1 (FORMATERR).
This is a noncompliance with RFC2845, which says:
If an incoming message contains a TSIG record, it MUST be the last record in the additional section. Multiple TSIG records are not allowed. If a TSIG record is present in any other position, the packet is dropped and a response with RCODE 1 (FORMERR) MUST be returned.
Environment
operating system : ubuntu 18.04
software version: NSD_4_3_4_RC1
Expected response
a response with RCODE 1 (FORMATERR).
Actual response
a response with RCODE 9 or RCODE 1.
The commit removes the backwards compatibility section where a TSIG before EDNS OPT was allowed by the code. This makes the code return FORMERR for TSIG before EDNS OPT in the additional section. This is also what RFC6891 and RFC8945 say should happen for this.
program: nsd
issue type: bug report