[dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors
bert.hubert at netherlabs.nl
Wed Dec 8 12:14:32 UTC 2010
If you know anyone over at McAfee in a DNS position, the following might be
relevant to their interests:
Feast your eyes in this:
$ dig -t ipseckey 0.11-234343.avqs.mcafee.com +trace
avqs.mcafee.com. 86400 IN NS local.cloud.mcafee.com.
;; Received 71 bytes from 184.108.40.206#53(ns1-2.akam.net) in 1 ms
It appears that McAfee is sending out class=0 NXDOMAINS SOA records (on
another system with a different 'dig'):
;; Warning: Message parser reports malformed message packet.
avqs.mcafee.com. 600 RESERVED0 SOA mcafee.com. hostmaster. 1291809121 1800 600 604800 600
;; Received 102 bytes from 220.127.116.11#53(local.cloud.mcafee.com) in 22 ms
Unfortunately, this condition triggers an error message in the PowerDNS
Recursor, which in turn generates around 10 log messages/second on some busy
installations with customers generating these lookups.
Since this situation also confuses/crashes 'dig', could someone from McAfee
look into the situation? It is probably not benefitial to whatever service
they are trying to provide.
More information about the dns-operations