[dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors
Dmitri_Alperovitch at McAfee.com
Dmitri_Alperovitch at McAfee.com
Wed Dec 8 12:57:53 UTC 2010
We are looking into this. Thank you for reporting
Dmitri
Dmitri Alperovitch
VP, Threat Research
McAfee, Inc.
----- Original Message -----
From: bert hubert [mailto:bert.hubert at netherlabs.nl]
Sent: Wednesday, December 08, 2010 06:14 AM
To: dns-operations at mail.dns-oarc.net <dns-operations at mail.dns-oarc.net>
Subject: [dns-operations] McAfee contacts? Nameserver emitting CLASS0 SOA responses, crashes 'dig', makes PowerDNS log odd errors
Hi everybody,
If you know anyone over at McAfee in a DNS position, the following might be
relevant to their interests:
Feast your eyes in this:
$ dig -t ipseckey 0.11-234343.avqs.mcafee.com +trace
...
avqs.mcafee.com. 86400 IN NS local.cloud.mcafee.com.
;; Received 71 bytes from 193.108.91.2#53(ns1-2.akam.net) in 1 ms
Segmentation fault
(!)
It appears that McAfee is sending out class=0 NXDOMAINS SOA records (on
another system with a different 'dig'):
;; Warning: Message parser reports malformed message packet.
avqs.mcafee.com. 600 RESERVED0 SOA mcafee.com. hostmaster. 1291809121 1800 600 604800 600
;; Received 102 bytes from 81.173.111.74#53(local.cloud.mcafee.com) in 22 ms
Unfortunately, this condition triggers an error message in the PowerDNS
Recursor, which in turn generates around 10 log messages/second on some busy
installations with customers generating these lookups.
Since this situation also confuses/crashes 'dig', could someone from McAfee
look into the situation? It is probably not benefitial to whatever service
they are trying to provide.
Kind regards,
Bert Hubert
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list