You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some DNS servers might not respect the case of the name sent in the query when sending the reply. At least this is the case of bind 9.10, as shown below. This breaks (reverse) DNS resolution.
After flushing the DNS server's cache (rndc flush):
# host -t ptr 8.193.93.128.IN-ADDR.ARPA 172.16.111.118
Using domain server:
Name: 172.16.111.118
Address: 172.16.111.118#53
Aliases:
8.193.93.128.in-addr.arpa domain name pointer prod-gitlab.inria.fr.
But if I ask again immediately, I get the answer from cache, which is cached in upper case:
# host -t ptr 8.193.93.128.IN-ADDR.ARPA 172.16.111.118
Using domain server:
Name: 172.16.111.118
Address: 172.16.111.118#53
Aliases:
8.193.93.128.IN-ADDR.ARPA domain name pointer prod-gitlab.inria.fr.
... even if asked in lowercase:
# host -t ptr 8.193.93.128.in-addr.arpa 172.16.111.118
Using domain server:
Name: 172.16.111.118
Address: 172.16.111.118#53
Aliases:
8.193.93.128.IN-ADDR.ARPA domain name pointer prod-gitlab.inria.fr.
Thanks a bunch for finding this bug! I appreciate the patch, too. I'm going to end up committing a different fix that avoids a bunch of the STL string copy/append operations in the original; there's nothing wrong with your patch, I just saw an opportunity to improve the performance of the original. You'll get a changelog credit for the fix, too, since you found exactly where the problem was; that's 90% of the work right there!
Some DNS servers might not respect the case of the name sent in the query when sending the reply. At least this is the case of bind 9.10, as shown below. This breaks (reverse) DNS resolution.
After flushing the DNS server's cache (
rndc flush
):But if I ask again immediately, I get the answer from cache, which is cached in upper case:
... even if asked in lowercase:
This breaks
DNS::Factory::ptrToIp
, because it usesstd::string::find
to match 'in-addr.arpa': https://github.com/nmap/nmap/blob/master/nmap_dns.cc#L1438As a result, DNS resolution times out and fails:
This is a regression introduced in commit e090e09. The current master is still affected. I'll submit a PR in a minute.
The text was updated successfully, but these errors were encountered: