Maintained by: NLnet Labs

EDNS RRs

Ian Cohee
Thu Nov 19 21:47:39 CET 2015


Hello all,

One of our engineers discovered some interesting behavior while testing
bad EDNS RRs in Unbound. He discovered that Unbound properly checks and
identifies a truncated OPT RR as a FORMERR, but then returns the
truncated OPT RR, resulting in a malformed response to a malformed
request. I have attached a PCAP file that should contain the malformed
requests/responses.

Has anyone observed this behavior, and if so, had issues from it?

I'd also like to hear some opinions about this behavior.

Thanks,

-- 
Ian Cohee | Software Engineer
Secure64 Software Corporation
ian.cohee at secure64.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Unbound-EDNS
Type: application/octet-stream
Size: 1734 bytes
Desc: not available
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20151119/40217158/attachment.obj>