[dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors

Dmitri_Alperovitch at McAfee.com Dmitri_Alperovitch at McAfee.com
Wed Dec 8 12:57:53 UTC 2010


We are looking into this. Thank you for reporting

Dmitri

Dmitri Alperovitch
VP, Threat Research
McAfee, Inc.


----- Original Message -----
From: bert hubert [mailto:bert.hubert at netherlabs.nl]
Sent: Wednesday, December 08, 2010 06:14 AM
To: dns-operations at mail.dns-oarc.net <dns-operations at mail.dns-oarc.net>
Subject: [dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors

Hi everybody,

If you know anyone over at McAfee in a DNS position, the following might be
relevant to their interests:

Feast your eyes in this:

$ dig -t ipseckey 0.11-234343.avqs.mcafee.com +trace
...
avqs.mcafee.com.        86400   IN      NS      local.cloud.mcafee.com.
;; Received 71 bytes from 193.108.91.2#53(ns1-2.akam.net) in 1 ms

Segmentation fault
(!)

It appears that McAfee is sending out class=0 NXDOMAINS SOA records (on
another system with a different 'dig'):

;; Warning: Message parser reports malformed message packet.
avqs.mcafee.com.        600     RESERVED0 SOA   mcafee.com. hostmaster. 1291809121 1800 600 604800 600
;; Received 102 bytes from 81.173.111.74#53(local.cloud.mcafee.com) in 22 ms

Unfortunately, this condition triggers an error message in the PowerDNS
Recursor, which in turn generates around 10 log messages/second on some busy
installations with customers generating these lookups.

Since this situation also confuses/crashes 'dig', could someone from McAfee
look into the situation? It is probably not benefitial to whatever service
they are trying to provide.

Kind regards,

Bert Hubert

_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations



More information about the dns-operations mailing list