<html><head></head><body style="zoom: 0%;"><div dir="auto">The robustness principle is diametrically wrong. We must be ultra conservative in what we accept, to put back pressure on silly bugs before they can gain market share.<br><br></div>
<div dir="auto"><!-- tmjah_g_1299s -->Get <!-- tmjah_g_1299e --><a href="https://bluemail.me"><!-- tmjah_g_1299s -->BlueMail for Android<!-- tmjah_g_1299e --></a><!-- tmjah_g_1299s --> <!-- tmjah_g_1299e --></div>
<div class="gmail_quote" >On May 25, 2022, at 22:58, Stephane Bortzmeyer <<a href="mailto:bortzmeyer@nic.fr" target="_blank">bortzmeyer@nic.fr</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">[This has no operational consequences, it is just idle curiosity.]<br><br>A server receives a few packets/second coming from several IP<br>addresses and querying ./NS (like in priming, or may be in some<br>reflection attacks). The server was never a root server, of course.<br><br>What is interesting is that all these packets have two extra bytes at<br>the end, after the class. The UDP length is correct, but the DNS<br>content is not. I don't show you the output of tshark, because it<br>ignores these extra bytes (but you can see them with Wireshark or<br>other tools). I attached a small pcap.<br><br>The source IP addresses (which may be spoofed) are all registered in<br>China.<br><br>Did anyone see these requests?<br><br>Side question: what should the receiver do? tshark, as I said, drops<br>these extra bytes, Wireshark flags no error (but displays the<br>bytes). I did not test them with various DNS servers to see how they<br>react. Ignoring the extra bytes in the name of the robustness<br>principle? Instead, at least one DNS library rejects the packet as<br>malformed.<br><br></pre><pre class="blue"><hr><br>dns-operations mailing list<br>dns-operations@lists.dns-oarc.net<br><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br></pre></blockquote></div></body></html>