dnsdist deletes edns OPT record from truncated response #4857

Closed
RobinGeuze opened this issue Jan 5, 2017 · 6 comments

@RobinGeuze RobinGeuze commented Jan 5, 2017

  • Program: dnsdist
  • Issue type: Bug report

Short description

When a truncated response passes through dnsdist the edns OPT record is removed. This is incorrect behaviour as per RFC 6891 chapter 7 last paragraph:

The minimal response MUST be the DNS header, question section, and an
OPT record.  This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Environment

  • Operating system: FreeBSD
  • Software version: 1.1.0beta2
  • Software source: ports

Steps to reproduce

  1. Hang some random authoritative nameserver behind dnsdist
  2. Make sure you have a query that will always get truncated over UDP
  3. Execute query both directly on the auth and through dnsdist

Expected behaviour

Both results have the OPT record included

Actual behaviour

The reply from dnsdist is missing the OPT record.

@RobinGeuze RobinGeuze changed the title dnsdist delete edns header/record from truncated response dnsdist delete edns OPT record from truncated response Jan 5, 2017
@RobinGeuze RobinGeuze changed the title dnsdist delete edns OPT record from truncated response dnsdist deletes edns OPT record from truncated response Jan 5, 2017

@RobinGeuze RobinGeuze commented Jan 5, 2017

Apparently caused by the truncateTC option which is enabled by default. Also this causes dnsviz to give off warnings.


@rgacogne rgacogne commented Jan 5, 2017

The minimal response MUST be the DNS header, question section, and an
OPT record. This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Since nothing limits the size of an OPT record, I'm guessing this will lead to interesting situations.. But yes, you can disable this behavior by using truncateTC(false). Now, do we care to try harder to preserve the OPT record?


@RobinGeuze RobinGeuze commented Jan 5, 2017

You could always provide a minimal OPT record instead of preserving the original OPT record. And yes, disabling truncateTC(false) is my current solution. Another option is maybe to disable truncateTC by default, since it's not needed in most cases?
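
The "minimal OPT record" approach suggested in the comment above, as an added example that is not part of the thread and is not dnsdist's code: it reduces a response to header, question and a fresh empty OPT record with TC set, and checks for OPT presence. The 1232-byte payload size and the zeroed OPT TTL field (extended RCODE, version and flags, including DO) are assumptions, and the sample message is constructed.

```python
import struct

OPT_TYPE, TC_BIT = 41, 0x0200

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def _end_of_questions(msg):
    off = 12
    for _ in range(struct.unpack_from("!H", msg, 4)[0]):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    return off

def has_opt(msg):
    """True if any record after the question section is an OPT RR."""
    an, ns, ar = struct.unpack_from("!3H", msg, 6)
    off = _end_of_questions(msg)
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT_TYPE:
            return True
        off += 10 + rdlen
    return False

def truncate_keep_opt(msg, udp_size=1232):
    """Header + question (+ minimal OPT if the input had one), TC set."""
    ident, flags, qd = struct.unpack_from("!3H", msg, 0)
    opt = b""
    if has_opt(msg):
        # root name, TYPE=OPT, CLASS=UDP payload size (assumed), TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    header = struct.pack("!6H", ident, flags | TC_BIT, qd, 0, 0, 1 if opt else 0)
    return header + msg[12:_end_of_questions(msg)] + opt

# Constructed sample: response for example.com A with one answer and an OPT RR.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
OPT = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, 0)
SAMPLE = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 1) + QUESTION + ANSWER + OPT
```

Because the OPT record is rebuilt rather than copied, its size is fixed at 11 bytes regardless of how large the original OPT record was.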

@RobinGeuze RobinGeuze mentioned this issue Jan 6, 2017
@Habbie Habbie reopened this Jan 30, 2017

@Habbie Habbie commented Jan 30, 2017

Reopening this as #4859 is a terrible fix for this issue.

@Habbie Habbie added this to the dnsdist-1.3.0 milestone Nov 9, 2017

@zeha zeha commented Feb 20, 2018

NB: truncateTC is not actually documented.


@rgacogne rgacogne commented Sep 4, 2018

Fixed by #6847.

@rgacogne rgacogne closed this Sep 4, 2018