Maintained by: NLnet Labs

[Unbound-users] Unbound rejects queries with unknown data in additional section

W.C.A. Wijngaards
Fri Jan 11 09:00:07 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alexander,

On 01/11/2013 08:37 AM, Alexander E. Patrakov wrote:
> Hello.
> 
> I found a difference in behaviour between Unbound and BIND. Could
> you please explain if this is intentional?

Yes this was intentional.  It is copied from NSD.  It rejects a query
that has unknown components, because the server does not support this
sort of query.  FORMERR, because this rcode means there was something
wrong with the query.

> The difference happens if a query contains something except the
> query section and the OPT record. Namely, a non-standard record in
> the additional section. To reproduce the problem, you can run this
> command in bash:
> 
> echo
> '4VEBAAABAAAAAAABA3d3dwZkYWRhZGECcnUAAAEAAQD/7QABAAAAAAAEIYWXrg==' 
> | base64 -d > /dev/udp/127.0.0.1/53
> 
> and observe the FORMERR in wireshark or in the log if 127.0.0.1
> runs unbound-1.4.17. This comes from the parse_edns_from_pkt()
> function.
> 
> BIND just ignores the unknown record and replies normally.

Is there some reason you want this?

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQ78aCAAoJEJ9vHC1+BF+NrDkP/RDstnefWixNuEdcU3klgk7L
lKnuRgjtyku/jvgR4d/xMCt+2lLcUPS9shYFxPQfwiTOQPAIiZv0ySaroNSBuroW
vVNIrFNjQAh7W90CrZ8o6Frv+d5wY0Rml+xwnB74V+x9zgIjArkDO7MJx8QwyLIW
GQ7d8onXdhPzSDiItXAHbacxRXl9l6s6kKPr3DI2Z/Z+UVJCUq8/uhiEzXuVPJHo
y+5nJZYubVf+pV8gv5EP9Owh6+Mg1PKJh0qFyOlQDK5JStdImNYN0mAMrsKxjZtS
DfVqYZMIDxNSetR1UPMnhBmjmd+ZnyYNtEeH5qw36mZNKn17FIm7gVDJixM7hO0R
Q+ti+AzEYa1WXxtG+Lp4K51iBLJqPW+6SkyWFTNU3dQbJsF0v+ciGUFoNjASvwOf
WEwD4E2VTkSMi2CCDydWmIcI5xwrwBknyu+3veLz9Hyey0SWe1dGA5MWiGVYn5gW
3AMi0aubhz1D3NAxomsgQLyy1n3KUkIK5Llxsq37tEofg/pNezHte0gexV6rkfdb
QPcDkzvHWy87gK73pBY2Fj6EziQbHdtQMJwaSTio5HZJPaTv5WaVVDitsnS0WP+m
+f/7J4rCcCoHf91zURycZfuBIYkaUZ+p3BFLAss4VZvZMbZiyac/UuIcV1+kz7dk
oRt0HJ8jSbskzXq7QJqd
=VEBa
-----END PGP SIGNATURE-----