why DNS can't have nice things
Paul Vixie
paul at redbarn.org
Fri Apr 14 12:42:18 UTC 2023
once an embedded dns recursive server works well enough, it ships, is
widely deployed, and becomes abandonware. the apps which don't work are
found (by others) later. there is no complaint path.
> ; <<>> DiG 9.16.33 <<>> api.dnsdb.info
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54714
> ;; flags: qr rd ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;api.dnsdb.info. IN A
>
> ;; ANSWER SECTION:
> api.dnsdb.info. 0 IN CNAME dnsdb.info.
> dnsdb.info. 0 IN A 104.244.13.65
> dnsdb.info. 0 IN A 104.244.14.69
> ns5.dnsmadeeasy.com. 0 IN A 208.94.148.13
> ns5.dnsmadeeasy.com. 0 IN AAAA 2600:1800:5::1
> ns6.dnsmadeeasy.com. 0 IN A 208.80.124.13
> ns6.dnsmadeeasy.com. 0 IN AAAA 2600:1801:6::1
> ns7.dnsmadeeasy.com. 0 IN A 208.80.126.13
> ns7.dnsmadeeasy.com. 0 IN AAAA 2600:1802:7::1
>
> ;; Query time: 0 msec
> ;; SERVER: 172.26.16.1#53(172.26.16.1)
> ;; WHEN: Fri Apr 14 12:27:20 UTC 2023
> ;; MSG SIZE rcvd: 301
so, greetings from the botconf (strasbourg) wifi network, where the
A/AAAA records of the authority servers are placed in the answer section
rather than the additional data section, and there is no authority
section which would help a stub resolver understand why these A/AAAA RRs
are present. also, TCP/53 does not answer. no RST, no ICMP, no nothing.
i would likely never have discovered the asinfo bug in dnsdbq had i not
visited this particular hotel, who deserved higher quality from their
wifi vendor, but is powerless (as am i) to get it fixed upstream. so:
> diff --git a/asinfo.c b/asinfo.c
> index 21fca4b..573a662 100644
> --- a/asinfo.c
> +++ b/asinfo.c
> @@ -174,11 +174,8 @@ asinfo_from_dns(const char *dname, char **asnum, char **cidr) {
> ns_rr rr;
>
> DEBUG(1, true, "asinfo_from_dns(%s)\n", dname);
> - if ((res.options & RES_INIT) == 0) {
> + if ((res.options & RES_INIT) == 0)
> res_ninit(&res);
> - /* use a TCP connection and keep it open */
> - res.options |= RES_USEVC|RES_STAYOPEN;
> - }
> n = res_nquery(&res, dname, ns_c_in, ns_t_txt, buf, sizeof buf);
> if (n < 0) {
> if (res.res_h_errno == HOST_NOT_FOUND)
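Review bot: with the RES_USEVC|RES_STAYOPEN lines removed, nothing at the res_ninit() call records why asinfo_from_dns() no longer forces TCP. A one-line comment there saying that some networks silently drop TCP/53 would keep a later change from restoring the option. Separately, the return value of res_ninit(&res) is still not checked before res_nquery() uses res; consider returning an error if it fails.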
> @@ -210,6 +207,8 @@ asinfo_from_dns(const char *dname, char **asnum, char **cidr) {
> result = strdup(strerror(errno));
> break;
> }
> + if (ns_rr_type(rr) != ns_t_txt)
> + goto next_rr;
> rdata = ns_rr_rdata(rr);
> rdlen = ns_rr_rdlen(rr);
> ntxt = 0;
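Review bot: the added ns_rr_type(rr) != ns_t_txt test filters on type only, so a TXT RR in the answer section with a different owner name or class would still be parsed as asinfo data. Consider also checking ns_rr_class(rr) against ns_c_in and comparing ns_rr_name(rr) with dname (allowing for a CNAME), and add a short comment saying why non-TXT RRs can appear in the answer section at all.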
> @@ -295,6 +294,7 @@ asinfo_from_dns(const char *dname, char **asnum, char **cidr) {
> free(txt[n]);
> txt[n] = NULL;
> }
> + next_rr:;
> }
> return result;
> }
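Review bot: the next_rr:; label sits directly before a closing brace; if that brace ends the per-RR loop, a plain continue at the type check would do the same job without the label and the empty statement. It is also worth confirming what result holds at return result; when every RR in the answer is skipped, so the caller gets a clear error string rather than an unset value.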
(https://github.com/dnsdb/dnsdbq)
--
P Vixie
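The answer-section problem described in the message above can be checked for mechanically. The following is an added example, not part of the original post or of dnsdbq: it walks the answer section of a raw DNS response and separates RRs that answer the question (owner on the CNAME chain from the query name, type equal to the query type or CNAME) from stray ones. It goes further than a type-only filter by also matching owner names. The function names and the sample message are constructed for illustration, and a single-question message is assumed.

```python
import struct
from ipaddress import ip_address
A, CNAME, AAAA = 1, 5, 28                          # RR type codes

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]) != 0:
        if (n & 0xC0) == 0xC0:                     # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def split_answers(msg):
    """Split answer RRs into (wanted, stray) lists of (owner, type); assumes QDCOUNT == 1."""
    ancount, = struct.unpack_from("!H", msg, 6)
    want, off = read_name(msg, 12)
    qtype, off = struct.unpack_from("!H", msg, off)[0], off + 4   # skip QTYPE, QCLASS
    wanted, stray = [], []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if owner == want and rtype in (qtype, CNAME):
            wanted.append((owner, rtype))
            if rtype == CNAME and qtype != CNAME:
                want, _end = read_name(msg, off)   # follow the alias
        else:
            stray.append((owner, rtype))
        off += rdlen
    return wanted, stray

# Constructed sample: a subset of the RRs in the dig output above, on the wire.
def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
def rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 0, len(rdata)) + rdata

SAMPLE = (struct.pack("!HHHHHH", 54714, 0x8120, 1, 4, 0, 0)
          + enc("api.dnsdb.info") + struct.pack("!HH", A, 1)
          + rr(b"\xc0\x0c", CNAME, enc("dnsdb.info"))          # owner is a pointer to the qname
          + rr(enc("dnsdb.info"), A, ip_address("104.244.13.65").packed)
          + rr(enc("ns5.dnsmadeeasy.com"), A, ip_address("208.94.148.13").packed)
          + rr(enc("ns5.dnsmadeeasy.com"), AAAA, ip_address("2600:1800:5::1").packed))
```

A non-empty stray list for a response from the local resolver is a cheap signal that an embedded forwarder is rewriting sections.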