dnsdist deletes edns OPT record from truncated response #4857

Closed
RobinGeuze opened this Issue Jan 5, 2017 · 6 comments

@RobinGeuze
Contributor

RobinGeuze commented Jan 5, 2017

  • Program: dnsdist
  • Issue type: Bug report

Short description

When a truncated response passes through dnsdist, the EDNS OPT record is removed. This is incorrect behaviour as per RFC 6891, chapter 7, last paragraph:

The minimal response MUST be the DNS header, question section, and an
OPT record.  This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Environment

  • Operating system: FreeBSD
  • Software version: 1.1.0beta2
  • Software source: ports

Steps to reproduce

  1. Hang some random authoritative nameserver behind dnsdist
  2. Make sure you have a query that will always get truncated over UDP
  3. Execute query both directly on the auth and through dnsdist

Expected behaviour

Both results have the OPT record included

Actual behaviour

The reply from dnsdist is missing the OPT record.

@RobinGeuze RobinGeuze changed the title from dnsdist delete edns header/record from truncated response to dnsdist delete edns OPT record from truncated response Jan 5, 2017

@RobinGeuze RobinGeuze changed the title from dnsdist delete edns OPT record from truncated response to dnsdist deletes edns OPT record from truncated response Jan 5, 2017

@RobinGeuze

Contributor

RobinGeuze commented Jan 5, 2017

Apparently caused by the truncateTC option which is enabled by default. Also this causes dnsviz to give off warnings.

@rgacogne rgacogne added the dnsdist label Jan 5, 2017

@rgacogne

Member

rgacogne commented Jan 5, 2017

The minimal response MUST be the DNS header, question section, and an
OPT record. This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Since nothing limits the size of an OPT record, I'm guessing this will lead to interesting situations... But yes, you can disable this behavior by using truncateTC(false). Now, do we care to try harder to preserve the OPT record?

@RobinGeuze

Contributor

RobinGeuze commented Jan 5, 2017

You could always provide a minimal OPT record instead of preserving the original OPT record. And yes, disabling truncateTC(false) is my current solution. Another option is maybe to disable truncateTC by default, since it's not needed in most cases?

@RobinGeuze RobinGeuze referenced this issue Jan 6, 2017

Merged

Change truncateTC to defaulting to off #4859

4 of 4 tasks complete

@Habbie Habbie reopened this Jan 30, 2017

@Habbie

Member

Habbie commented Jan 30, 2017

Reopening this as #4859 is a terrible fix for this issue.

@Habbie Habbie added this to the dnsdist-1.3.0 milestone Nov 9, 2017

@zeha

Collaborator

zeha commented Feb 20, 2018

NB: truncateTC is not actually documented.

@rgacogne

Member

rgacogne commented Sep 4, 2018

Fixed by #6847.

@rgacogne rgacogne closed this Sep 4, 2018
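
An added example, not part of the thread and not dnsdist's code: a Python version of the "minimal OPT record" idea raised above, together with a checker for the RFC 6891 section 7 requirement quoted in the report. The sample messages and the 1232-byte advertised UDP size are constructed values, and the code assumes the original query carried an OPT record.

```python
import struct

OPT = 41  # EDNS(0) OPT pseudo-RR type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:             # root label ends the name
            return off

def question_end(msg):
    """Offset of the first byte after the question section."""
    off = 12
    for _ in range(struct.unpack_from("!H", msg, 4)[0]):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    return off

def has_opt(msg):
    """True if any record after the question section is an OPT record."""
    off = question_end(msg)
    for _ in range(sum(struct.unpack_from("!HHH", msg, 6))):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT:
            return True
        off += 10 + rdlen
    return False

def truncate_keep_opt(msg, udp_size=1232):  # udp_size: assumed value
    """Header + question + minimal OPT with TC set (RFC 6891 section 7)."""
    ident, flags, qd = struct.unpack_from("!HHH", msg, 0)
    header = struct.pack("!HHHHHH", ident, flags | 0x0200, qd, 0, 0, 1)
    # Root name, TYPE=OPT, CLASS=UDP size, TTL=0 (this drops the original
    # extended RCODE and DO bit), RDLEN=0 (no options).
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + msg[12:question_end(msg)] + opt

# Constructed sample: reply to "example.com. A" with one answer and an OPT RR.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 1) + QUESTION + ANSWER
          + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0))
# The reported behaviour: TC set, everything after the question dropped.
STRIPPED = struct.pack("!HHHHHH", 0x1234, 0x8600, 1, 0, 0, 0) + QUESTION
```

Running `has_opt` over replies captured directly from the backend and through the proxy gives a quick regression check for this behaviour.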
