Maintained by: NLnet Labs

[Unbound-users] reddit.com issue

Dave Duchscher
Mon Aug 25 17:29:54 CEST 2014


That is good to hear.  I was thinking I was getting a first line response to the issue since it was so quick.  I probably didn't explain it well enough.  I will try again.  More tickets may help push it up on their priority list.

--
Dave

On Aug 25, 2014, at 9:13 AM, Eric Meddaugh <etmsys at rit.edu> wrote:

> 
> I alerted CloudFlare last week and they have indicated they have engineers looking into it.  I opened the ticket as a DOS against any domains they provide hosting for.  As long as there are clients querying 'http://www.reddit.com' (or any other CloudFlare hosted domain) it can keep that domain offline.  Our work-around has allowed reddit.com to appear to remain online.
> 
> ---Eric
> 
> -----Original Message-----
> From: Unbound-users [mailto:unbound-users-bounces at unbound.net] On Behalf Of John Peacock
> Sent: Monday, August 25, 2014 9:45 AM
> To: unbound-users at unbound.net
> Subject: Re: [Unbound-users] reddit.com issue
> 
> On Mon, 2014-08-25 at 08:24 -0500, Dave Duchscher wrote:
>> Cloudflare's response:
>> 
>>> Hey there,
>>> 
>>> Because the DNS query "http://reddit.com" is technically not valid (since DNS queries should not contain the protocol URI), CloudFlare's DNS servers will not respond to them.
> 
> That is what I would have predicted their response would have been.  A
> broken client is making illegal DNS queries; that is the root cause of
> the difficulty.  The fact that unbound itself doesn't return an error
> for these illegal queries is only making matters worse.  Neither ':' nor
> '/' are legal DNS hostname characters (see RFC-1035 and onwards), so it
> should be the resolver library (i.e. unbound) that should be validating
> the query before sending it on, IMNSHO.  The fact that reddit.com has an
> unfriendly behavior WRT illegal queries doesn't mean it is their fault;
> there is no requirement to return NXDOMAIN or SERVFAIL or anything at
> all, so they chose to drop the query.
> 
> John
> 
> -- 
> JOHN PEACOCK
> senior software build and release engineer
> www.messagesystems.com
> twitter @MessageSystems
> 
> tel 410-872-4910 x239
> email john.peacock at messagesystems.com
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
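
The hostname-character point raised in the quoted reply, as an added example that is not part of the original thread and is not Unbound's code: a Python check that flags query names carrying a URI scheme or characters outside the letters-digits-hyphen hostname rule. The function names and the sample query names are constructed for illustration; the check applies the strict hostname rule, so service names containing underscores are flagged too.

```python
import re

# One hostname label under the letters-digits-hyphen (LDH) rule:
# 1 to 63 characters, no leading or trailing hyphen.
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# A URI scheme prefix such as "http://" that leaked into the query name.
SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")

def classify_qname(qname):
    """Return (verdict, reason) for a query name in presentation format."""
    name = qname[:-1] if qname.endswith(".") else qname
    if not name:
        return ("ok", "root")
    if SCHEME.match(name):
        return ("reject", "uri-scheme-in-qname")
    if len(name) > 253:
        return ("reject", "name-too-long")
    for label in name.split("."):
        if not label:
            return ("reject", "empty-label")
        if len(label) > 63:
            return ("reject", "label-too-long")
        if not LABEL.fullmatch(label):
            return ("reject", "non-ldh-character")
    return ("ok", "hostname")

def summarize(qnames):
    """Count rejected query names by reason, e.g. for a resolver query log."""
    counts = {}
    for qname in qnames:
        verdict, reason = classify_qname(qname)
        if verdict == "reject":
            counts[reason] = counts.get(reason, 0) + 1
    return counts

# Constructed sample query names (not taken from any real log).
SAMPLE_QNAMES = [
    "www.reddit.com.",
    "http://www.reddit.com.",
    "http://reddit.com",
    "reddit.com/r/sysadmin",
    "_sip._tcp.example.com",
]

if __name__ == "__main__":
    for q in SAMPLE_QNAMES:
        print(q, classify_qname(q))
    print(summarize(SAMPLE_QNAMES))
```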