[dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors

bert hubert bert.hubert at netherlabs.nl
Wed Dec 8 12:14:32 UTC 2010


Hi everybody,

If you know anyone over at McAfee in a DNS position, the following might be
relevant to their interests:

Feast your eyes in this:

$ dig -t ipseckey 0.11-234343.avqs.mcafee.com +trace
...
avqs.mcafee.com.        86400   IN      NS      local.cloud.mcafee.com.
;; Received 71 bytes from 193.108.91.2#53(ns1-2.akam.net) in 1 ms

Segmentation fault
(!)

It appears that McAfee is sending out class=0 NXDOMAINS SOA records (on
another system with a different 'dig'):

;; Warning: Message parser reports malformed message packet.
avqs.mcafee.com.        600     RESERVED0 SOA   mcafee.com. hostmaster. 1291809121 1800 600 604800 600
;; Received 102 bytes from 81.173.111.74#53(local.cloud.mcafee.com) in 22 ms

Unfortunately, this condition triggers an error message in the PowerDNS
Recursor, which in turn generates around 10 log messages/second on some busy
installations with customers generating these lookups.

Since this situation also confuses/crashes 'dig', could someone from McAfee
look into the situation? It is probably not benefitial to whatever service
they are trying to provide.

Kind regards,

Bert Hubert




More information about the dns-operations mailing list