New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

superfluous TSIG data in responses #6736

Closed
klaus3000 opened this Issue Jun 14, 2018 · 0 comments

Comments

Projects
None yet
2 participants
@klaus3000

klaus3000 commented Jun 14, 2018

  • Program: Authoritative
  • Issue type: Bug report

Short description

PowerDNS responds some times with TSIG-Keys in the response, although TSIG was not requested. These TSIG keys are the ones which were used in previous requests/reponses. The superfluous TSIG key is not available in every response. It seems to be related to the number of receiver-threads.

Environment

  • Operating system: Linux Ubuntu 14.04
  • Software version: 4.1.3 (also observed with 3.x and 4.0 versions)
  • Software source: compiled myself

Steps to reproduce

(TSIG key manipulated)

  1. SOA query without key - OK
darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28440
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75
  1. SOA query with key - OK
darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main -y 'hmac-sha256:out.soap-test1.rcodezero:JbVkrbwFPu9jKGSHsF6QnrumhqUTXJ3ZKHxyg4CBnJM1nI8ntHlUqfpw=='

; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main -y hmac-sha256:out.soap-test1.rcodezero:JbVkrbwFPu9jKGSHsF6QnrumhqUTXJ3ZKHxyg4CBnJM1nI8ntHlUqfpw==
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21401
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75

;; TSIG PSEUDOSECTION:
out.soap-test1.rcodezero. 0     ANY     TSIG    hmac-sha256. 1528979054 300 32 nW8Pwgwje3ZX5Gs/CKTweWSIEwF8DFwe5+luCGl/klg= 21401 NOERROR 0

  1. SOA query without key - Sometimes OK, Sometimes superfluous TSIG key (receiver-threads=2)
darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main

; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21743
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75

;; TSIG PSEUDOSECTION:
out.soap-test1.rcodezero. 0     ANY     TSIG    hmac-sha256. 1528979054 300 32 vdQGv69Z9OP2Pfz5oD2BA+aHHR22Z0SPihj/2palqmg= 21401 NOERROR 0



darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49185
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75

;; TSIG PSEUDOSECTION:
out.soap-test1.rcodezero. 0     ANY     TSIG    hmac-sha256. 1528979054 300 32 4qiaW/vgXpYwPZEE1YavkQz7YlU3t9xhb91Y5upLWeQ= 21401 NOERROR 0



darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9367
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75



darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43472
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75


darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26725
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75



darilion@cc-manager:~$ dig www.nic.at @cc-regdev-main
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> www.nic.at @cc-regdev-main
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22420
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.nic.at.                    IN      A

;; ANSWER SECTION:
www.nic.at.             900     IN      A       131.130.254.75

;; TSIG PSEUDOSECTION:
out.soap-test1.rcodezero. 0     ANY     TSIG    hmac-sha256. 1528979054 300 32 mRq09ao1FVRWYUBdbfuypyPuP4nnd2YtMqqXdwJAut4= 21401 NOERROR 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment