Unbound and senderbase.org requests

Mon Jul 18 07:53:59 UTC 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Dimitar,

The query work for me, both with and without qname minimisation.

The name v1x2s.rf-adfe2ko9.senderbase.org. returns NXDOMAIN and this
is an error.  But qname minimisation works around it (by assuming
non-DNSSEC servers cannot get NXDOMAIN right).

But with use-caps-for-id: yes I get NXDOMAIN as well.  The server
cannot handle the fact that DNS does not distinguish between uppercase
and lowercase and treats those names differently.  You could try to
get them to fix the software (and also for the NXDOMAIN problem noted
above).  Or you can caps-whitelist: "senderbase.org" in unbound.conf
that will omit the dns-0x20 upper-lowercase changes to that domain name.

Best regards, Wouter

On 18/07/16 09:20, Dimitar Gerasimov via Unbound-users wrote:
> Hi all,
> 
> Long story short - we have Cisco Ironport email security appliance.
> This device filter emails by reputation filtering. To do this, the
> device send dns TXT request to senderbase.org, and based on answer
> make decisions about filtering mails.
> 
> But that is not working through Unbound .
> 
> This is request and answer using Google free DNS :
> 
> dig @8.8.8.8 txt 
> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
derbase.org
>
> 
> 
> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 txt 
> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
derbase.org
>
>  ; (1 server found) ;; global options: +cmd ;; Got answer: ;;
> ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3460 ;; flags: qr
> rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;;
> QUESTION SECTION: 
> ;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.se
nderbase.org.
>
> 
IN TXT
> 
> ;; ANSWER SECTION: 
> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
derbase.org.
>
> 
999 IN TXT "|0=2.5|1=0.0|2=0.4399|3=0.5|7=AvNDhLIaN|10=0,0|"
> 
> ;; Query time: 195 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon
> Jul 18 08:29:16 EEST 2016 ;; MSG SIZE  rcvd: 170
> 
> As we can see, the request has a ANSWER SECTION, and Cisco Ironport
> use this numbers for blocking e-mails (domains).
> 
> This is request and answer using Unbound
> 
> dig @UnboundIP txt 
> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
derbase.org
>
> 
> 
> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @UnboundIP txt 
> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
derbase.org
>
>  ; (1 server found) ;; global options: +cmd ;; Got answer: ;;
> ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5044 ;; flags: qr
> rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1480 ;;
> QUESTION SECTION: 
> ;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.se
nderbase.org.
>
> 
IN TXT
> 
> ;; Query time: 235 msec ;; SERVER: UnboundIP#53(UnboundIP) ;; WHEN:
> Mon Jul 18 09:53:42 EEST 2016 ;; MSG SIZE  rcvd: 110
> 
> 
> Unbound return ANSWER NXDOMAIN. Can someone help me with this ?
> Thanks.
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXjIsSAAoJEJ9vHC1+BF+NsLsQAICCyW2CbAuPU9eqHU00dC8o
rvYdIz1+KwZs7+ES9cYi8NB3cGw8JlPv+uFZFcA/k4kg5v/W7DiHtGVwvHZPxFkI
hsL53ngk62so+jFkXcn59o2x/d3J/axAJbCAdyp6R7IIyTLBDajk5zNHHGeGNK+h
mbqQLOPRNroHR0mY+jHHsdzDtNAnKvziWfIPsflKoRkLk/2fZK/uJpltp3Pv/ad4
J6K0ygRNUPRPwXZknpobfhm67ADexU8sBeK/bnA+4GkV00F8W49pAPhY+5hX/j5D
P+uFAm9e3F/s0qZ4yxFeXBKeURma42AoobKRh0TXdedgw8ltiLJi00ULV+LB0IPi
fmkgqAtlTWCHx4FkbABmVtBtm2EGEJC867nHHTOZCtX0Q1hVuBMTTxkL7PWYtqKT
iyI3O/6TUUErLRgoc5ZrcPKOPBsKELZBpxXxrabv3+iB51hkxK2CGxUclR+/FG4U
FhN1H0aZ0xsfG+f4k1azePcZGc8e01p4sxvBrniE8YG4YVkqTjI849N82t/0qFxC
LcVwNTJ8mzxJNNV3UqtPGzgjjKYVeis5pzVxe1/YXZUxj3kEyJxaX45yhemxj8x+
Kal347Jln8t1y8gHd/eRyfD/Qc9r/8ww4xzcdLYIwA9lnKVfNQ4w+OiIjiy5EWfJ
+vscS8bF4NrWDQM2dLZ1
=zBjQ
-----END PGP SIGNATURE-----