Bug#397064: wrong handling of NXDOMAIN reply from remote servers

Sat, 04 Nov 2006 13:10:52 -0800 

Package: maradns
Version: 1.2.12.03-1
Severity: important

DNS resolution generally works with maradns, but today I started
seeing this:

  piper:~> host -v www.mldonkey.net
  Query failed, 0 answers, status: server failure
  www.mldonkey.net A record not found, server failure

If I do the same query to the forwarder which maradns uses, it works
as expected:

  piper:~> host -v www.mldonkey.net 62.2.17.61
  Query failed, 0 answers, authoritative status: non-existent domain
  www.mldonkey.net does not exist at ns11.cablecom.net (Authoritative answer)

So I fired off maradns in verbose=3 mode and tcpdump on the side,
and this is what happens. The players are _C_ommand line, _M_aradns,
and _T_cpdump:

C: piper:~> host www.mldonkey.net

M:  Log: Message received, processing
   Query from: 192.168.14.3 Awww.mldonkey.net.

T: 21:55:37.356174 IP 84.72.16.145.18848 > 62.2.17.60.53:  18327+ A? 
www.mldonkey.net. (34)
   21:55:37.462970 IP 62.2.17.60.53 > 84.72.16.145.18848:  18327 NXDomain* 
0/0/0 (34)
   21:55:37.463307 IP 84.72.16.145.16684 > 62.2.24.162.53:  43190+ A? 
www.mldonkey.net. (34)
   21:55:37.594952 IP 62.2.24.162.53 > 84.72.16.145.16684:  43190 NXDomain* 
0/0/0 (34)
   21:55:37.723543 IP 84.72.16.145.17876 > 62.2.17.60.53:  18034+ A? 
www.mldonkey.net. (34
   21:55:37.733918 IP 62.2.17.60.53 > 84.72.16.145.17876:  18034 NXDomain* 
0/0/0 (34)
   21:55:37.734184 IP 84.72.16.145.18469 > 62.2.24.162.53:  28830+ A? 
www.mldonkey.net. (34)
   21:55:37.761935 IP 62.2.24.162.53 > 84.72.16.145.18469:  28830 NXDomain* 
0/0/0 (34)

M:  Log: No reply from remote servers

C: www.mldonkey.net A record not found, server failure



This creates a bunch of questions:

  1. why does maradns even ask the second forwarder after receiving
     an NXDOMAIN from the first?
  2. why does it ask both servers *twice*?
  3. why does it report a server failure, claiming the remote
     servers did not respond, when in fact they did?

I disabled the packet filter for this test, and port 53/udp can be
accessed from the outside.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17-2-amd64
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

Reply via email to