Fake delegation with explicit IP address is ignored #295

Closed
aabdnn opened this Issue Apr 18, 2017 · 12 comments

aabdnn commented Apr 18, 2017

I have this scenario:

$ zonemaster-cli 200.193.193.in-addr.arpa --ns ns.lucky.net --ns ns.gu.kiev.ua
Seconds Level     Message
======= ========= =======
  12.09 NOTICE    Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond to NS query.
  13.71 WARNING   No response from nameserver(s) on PTR query (123.190.93.194.in-addr.arpa.).
  18.26 ERROR     Nameserver ns.gu.kiev.ua/194.93.190.123 not accessible over UDP on port 53.
  28.28 ERROR     Nameserver ns.gu.kiev.ua/194.93.190.123 not accessible over TCP on port 53.
  31.75 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.75 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.75 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.75 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.76 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.76 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.76 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.76 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  31.81 NOTICE    There are neither DS nor DNSKEY records for the zone.
  31.81 NOTICE    The zone is not signed with DNSSEC.
  37.19 NOTICE    Nameserver ns.lucky.net/193.193.193.100 allow zone transfer using AXFR.
  37.20 NOTICE    Nameserver ns.gu.kiev.ua/194.93.190.123 dropped AAAA query.
  37.70 NOTICE    SOA 'refresh' value (3600) is less than the recommended one (14400).
  37.70 NOTICE    SOA 'retry' value (900) is less than the recommended one (3600).
  37.88 NOTICE    No target (MX, A or AAAA record) to deliver e-mail for the domain name.

Notice that one name server is not responding. Now suppose this name server is actually going to be made available on a different IP address, and I want to test this before changing the name's address, and I do:

$ zonemaster-cli 200.193.193.in-addr.arpa --ns ns.lucky.net --ns ns.gu.kiev.ua/192.168.1.1
Seconds Level     Message
======= ========= =======
  12.34 NOTICE    Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond to NS query.
  14.02 WARNING   No response from nameserver(s) on PTR query (123.190.93.194.in-addr.arpa.).
  18.59 ERROR     Nameserver ns.gu.kiev.ua/194.93.190.123 not accessible over UDP on port 53.
  28.60 ERROR     Nameserver ns.gu.kiev.ua/194.93.190.123 not accessible over TCP on port 53.
  32.09 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.09 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.09 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.10 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.10 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.10 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.10 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.10 WARNING   Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond.
  32.15 NOTICE    There are neither DS nor DNSKEY records for the zone.
  32.15 NOTICE    The zone is not signed with DNSSEC.
  37.56 NOTICE    Nameserver ns.lucky.net/193.193.193.100 allow zone transfer using AXFR.
  37.56 NOTICE    Nameserver ns.gu.kiev.ua/194.93.190.123 dropped AAAA query.
  37.99 NOTICE    SOA 'refresh' value (3600) is less than the recommended one (14400).
  38.00 NOTICE    SOA 'retry' value (900) is less than the recommended one (3600).
  38.17 NOTICE    No target (MX, A or AAAA record) to deliver e-mail for the domain name.

Now, the engine is ignoring the IP address that has been explicitly passed in, so I can't do a pre-delegation test of that specific IP address.

matsduf commented Apr 27, 2017

The engine ignores addresses of out-of-zone name servers in fake delegations. If a name server is provided with an IP address then that address should be used, and no recursive lookup should be done on that name server name. If only one address type is provided (IPv4, IPv6), then the other should not be looked up.
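
An added example, not part of the original thread and not Zonemaster code: a regression check for the behaviour requested in this issue. It compares the `--ns` arguments with the `Nameserver name/address` pairs in zonemaster-cli output and reports every address that was tested for a name even though explicit addresses were supplied for it. The function names are hypothetical; `REPORTED_RUN` holds three lines copied from the second run in the report above.

```python
import ipaddress
import re

# "Nameserver <name>/<address>" as printed in the zonemaster-cli output.
NS_RE = re.compile(r"Nameserver (\S+)/(\S+)")

def parse_ns_args(ns_args):
    """Map each --ns name to the set of addresses given explicitly for it."""
    explicit = {}
    for arg in ns_args:
        name, _, addr = arg.partition("/")
        addrs = explicit.setdefault(name.rstrip(".").lower(), set())
        if addr:
            # ValueError here means the --ns value itself is malformed.
            addrs.add(ipaddress.ip_address(addr))
    return explicit

def ignored_addresses(ns_args, output_lines):
    """Return sorted (name, address) pairs that appear in the output for a
    name whose explicit addresses do not include that address."""
    explicit = parse_ns_args(ns_args)
    bad = set()
    for line in output_lines:
        for name, addr in NS_RE.findall(line):
            given = explicit.get(name.rstrip(".").lower())
            if not given:
                continue  # no explicit address for this name: a lookup is expected
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # token after "/" is not an address
            if ip not in given:
                # Covers both a looked-up replacement address and a lookup
                # of the address family that was not supplied.
                bad.add((name, str(ip)))
    return sorted(bad)

NS_ARGS = ["ns.lucky.net", "ns.gu.kiev.ua/192.168.1.1"]
REPORTED_RUN = [
    "  12.34 NOTICE    Nameserver ns.gu.kiev.ua/194.93.190.123 did not respond to NS query.",
    "  18.59 ERROR     Nameserver ns.gu.kiev.ua/194.93.190.123 not accessible over UDP on port 53.",
    "  37.56 NOTICE    Nameserver ns.lucky.net/193.193.193.100 allow zone transfer using AXFR.",
]

if __name__ == "__main__":
    for name, addr in ignored_addresses(NS_ARGS, REPORTED_RUN):
        print(f"explicit address for {name} ignored; run tested {addr}")
```
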

@matsduf matsduf added the enhancement label Apr 27, 2017

@matsduf matsduf added the Prio High label Apr 28, 2017

@sandoche2k sandoche2k added this to the 2017.4 milestone Sep 12, 2017

sandoche2k commented Sep 12, 2017

sandoche2k commented Nov 16, 2017

vlevigneron added a commit to vlevigneron/zonemaster-engine that referenced this issue Dec 7, 2017

sandoche2k commented Dec 13, 2017

@matsduf can you check and approve the commit?

matsduf commented Dec 13, 2017

@sandoche2k, we do not approve commits, we approve PRs. That commit is included in PR #355 which @mattias-p and I have reviewed with requests for updates. That PR is also strongly connected to PR zonemaster/zonemaster-cli#63 which I have reviewed thoroughly. I have even installed the code from both PRs and tested different scenarios. Based on that I have given some comments in zonemaster/zonemaster-cli#63.

I am waiting for @vlevigneron to correct, and then I can retest. I really want "fake delegation" to be correct. That is a strong request from @aabdnn.

sandoche2k commented Dec 14, 2017

@matsduf PR #355 has been updated by @vlevigneron

vlevigneron added a commit that referenced this issue Dec 19, 2017

sandoche2k commented Jan 2, 2018

@vlevigneron can this issue be closed?

vlevigneron commented Jan 2, 2018

@sandoche2k The corresponding PR has been merged into the develop branch. I guess this issue will be automatically closed when the develop branch is merged into the master branch. I guess there is nothing to do now.

matsduf commented Jan 2, 2018

@vlevigneron, we usually close the issue when the PR has been merged to the develop branch.

vlevigneron commented Jan 2, 2018

@matsduf That's the purpose of the "fixes #295" comment in the commit, which should do that automatically. We are not supposed to close issues manually with that kind of feature.

sandoche2k commented Jan 3, 2018

@vlevigneron I am also surprised. Anyway, as the author, can you close it manually for logistic purposes?

vlevigneron commented Jan 3, 2018

Fixed

@vlevigneron vlevigneron closed this Jan 3, 2018
