Maintained by: NLnet Labs

Unbound and senderbase.org requests

Dimitar Gerasimov
Tue Jul 19 07:44:33 CEST 2016


Hi Wouter,

Disabling use-caps-for-id solve the issue. Thank You very much for helping!


On 18.07.2016 10:53, W.C.A. Wijngaards via Unbound-users wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Dimitar,
>
> The query work for me, both with and without qname minimisation.
>
> The name v1x2s.rf-adfe2ko9.senderbase.org. returns NXDOMAIN and this
> is an error.  But qname minimisation works around it (by assuming
> non-DNSSEC servers cannot get NXDOMAIN right).
>
> But with use-caps-for-id: yes I get NXDOMAIN as well.  The server
> cannot handle the fact that DNS does not distinguish between uppercase
> and lowercase and treats those names differently.  You could try to
> get them to fix the software (and also for the NXDOMAIN problem noted
> above).  Or you can caps-whitelist: "senderbase.org" in unbound.conf
> that will omit the dns-0x20 upper-lowercase changes to that domain name.
>
> Best regards, Wouter
>
> On 18/07/16 09:20, Dimitar Gerasimov via Unbound-users wrote:
>> Hi all,
>>
>> Long story short - we have Cisco Ironport email security appliance.
>> This device filter emails by reputation filtering. To do this, the
>> device send dns TXT request to senderbase.org, and based on answer
>> make decisions about filtering mails.
>>
>> But that is not working through Unbound .
>>
>> This is request and answer using Google free DNS :
>>
>> dig @8.8.8.8 txt
>> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
> derbase.org
>>
>>
>> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 txt
>> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
> derbase.org
>>   ; (1 server found) ;; global options: +cmd ;; Got answer: ;;
>> ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3460 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;;
>> QUESTION SECTION:
>> ;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.se
> nderbase.org.
>>
> IN TXT
>> ;; ANSWER SECTION:
>> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
> derbase.org.
>>
> 999 IN TXT "|0=2.5|1=0.0|2=0.4399|3=0.5|7=AvNDhLIaN|10=0,0|"
>> ;; Query time: 195 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon
>> Jul 18 08:29:16 EEST 2016 ;; MSG SIZE  rcvd: 170
>>
>> As we can see, the request has a ANSWER SECTION, and Cisco Ironport
>> use this numbers for blocking e-mails (domains).
>>
>> This is request and answer using Unbound
>>
>> dig @UnboundIP txt
>> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
> derbase.org
>>
>>
>> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @UnboundIP txt
>> 1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.sen
> derbase.org
>>   ; (1 server found) ;; global options: +cmd ;; Got answer: ;;
>> ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5044 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1480 ;;
>> QUESTION SECTION:
>> ;1-1569def8d9137c6f0dfef01fc43c5f39.142.36.123.93.v1x2s.rf-adfe2ko9.se
> nderbase.org.
>>
> IN TXT
>> ;; Query time: 235 msec ;; SERVER: UnboundIP#53(UnboundIP) ;; WHEN:
>> Mon Jul 18 09:53:42 EEST 2016 ;; MSG SIZE  rcvd: 110
>>
>>
>> Unbound return ANSWER NXDOMAIN. Can someone help me with this ?
>> Thanks.
>>
>>
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJXjIsSAAoJEJ9vHC1+BF+NsLsQAICCyW2CbAuPU9eqHU00dC8o
> rvYdIz1+KwZs7+ES9cYi8NB3cGw8JlPv+uFZFcA/k4kg5v/W7DiHtGVwvHZPxFkI
> hsL53ngk62so+jFkXcn59o2x/d3J/axAJbCAdyp6R7IIyTLBDajk5zNHHGeGNK+h
> mbqQLOPRNroHR0mY+jHHsdzDtNAnKvziWfIPsflKoRkLk/2fZK/uJpltp3Pv/ad4
> J6K0ygRNUPRPwXZknpobfhm67ADexU8sBeK/bnA+4GkV00F8W49pAPhY+5hX/j5D
> P+uFAm9e3F/s0qZ4yxFeXBKeURma42AoobKRh0TXdedgw8ltiLJi00ULV+LB0IPi
> fmkgqAtlTWCHx4FkbABmVtBtm2EGEJC867nHHTOZCtX0Q1hVuBMTTxkL7PWYtqKT
> iyI3O/6TUUErLRgoc5ZrcPKOPBsKELZBpxXxrabv3+iB51hkxK2CGxUclR+/FG4U
> FhN1H0aZ0xsfG+f4k1azePcZGc8e01p4sxvBrniE8YG4YVkqTjI849N82t/0qFxC
> LcVwNTJ8mzxJNNV3UqtPGzgjjKYVeis5pzVxe1/YXZUxj3kEyJxaX45yhemxj8x+
> Kal347Jln8t1y8gHd/eRyfD/Qc9r/8ww4xzcdLYIwA9lnKVfNQ4w+OiIjiy5EWfJ
> +vscS8bF4NrWDQM2dLZ1
> =zBjQ
> -----END PGP SIGNATURE-----