Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EDNS issues reported #53

Closed
aeden opened this issue Jun 25, 2016 · 1 comment
Closed

EDNS issues reported #53

aeden opened this issue Jun 25, 2016 · 1 comment
Labels
bug

Comments

@aeden
Copy link
Member

aeden commented Jun 25, 2016

Your nameservers are returning cached results without paying attention to EDNS options, EDNS version or EDNS flags in present in the query which should be eliciting different results. Additionally your servers are incorrectly echoing unknown EDNS options leading to DNS COOKIE mismatches (RFC 7873).

If the server behind the cache correctly implemented EDNS this would be less of a issue as it would be ignoring unknown EDNS options and EDNS flags and presenting similar answers independent of the EDNS options and flags in the query (RFC 6891). The cache needs to be EDNS version aware so it can correctly perform EDNS version negotiation.

The DNS can only work correctly if both DNS clients and DNS servers follow the DNS protocol. Please contact your DNS vendor for a fix.

Mark

% dig careerhub.com.au. @50.31.242.53 soa +edns=1 +noednsneg ; dig careerhub.com.au. @50.31.242.53 soa
;; Warning: Client COOKIE mismatch

; <<>> DiG 9.11.0a3 <<>> careerhub.com.au. @50.31.242.53 soa +edns=1 +noednsneg
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13189
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 34e53df9ea31e66a (bad)
;; QUESTION SECTION:
;careerhub.com.au.              IN      SOA

;; ANSWER SECTION:
careerhub.com.au.       3600    IN      SOA     ns1.careerhub.com.au. admin.dnsimple.com. 1438314364 86400 7200 604800 300

;; Query time: 184 msec
;; SERVER: 50.31.242.53#53(50.31.242.53)
;; WHEN: Fri Jun 24 11:30:24 EST 2016
;; MSG SIZE  rcvd: 115

;; Warning: Client COOKIE mismatch

; <<>> DiG 9.11.0a3 <<>> careerhub.com.au. @50.31.242.53 soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25504
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 1, flags:; udp: 4096
; COOKIE: 4448cbf37dd43b07 (bad)
;; QUESTION SECTION:
;careerhub.com.au.              IN      SOA

;; ANSWER SECTION:
careerhub.com.au.       3600    IN      SOA     ns1.careerhub.com.au. admin.dnsimple.com. 1438314364 86400 7200 604800 300

;; Query time: 182 msec
;; SERVER: 50.31.242.53#53(50.31.242.53)
;; WHEN: Fri Jun 24 11:30:24 EST 2016
;; MSG SIZE  rcvd: 115
@aeden aeden added the bug label Jun 25, 2016
@aeden
Copy link
Member Author

aeden commented Jan 5, 2017

I cannot reproduce.

@aeden aeden closed this as completed Jan 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aeden