On Sat, 16 May 2015 15:52:49 +0500
"Alexander E. Patrakov" <[email protected]> wrote:
> 16.05.2015 02:01, Christian Brunotte wrote:
> > The resolver can send one DNS request packet (IPv4 or IPv6 doesn't matter)
> > that contains queries for both the A and AAAA entries and the resolver may
> > answer them in separate packets.
>
> I would be very much interested in seeing such a successful conversation
> in a pcap file. Here is the reason why I don't really believe you:
> Unbound contains code that marks all DNS packets with multiple records
> in the query section as invalid. The code is in ./daemon/worker.c,
> function worker_check_request():
>
> > if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) {
> >         verbose(VERB_QUERY, "request wrong nr qd=%d",
> >                 LDNS_QDCOUNT(sldns_buffer_begin(pkt)));
> >         return LDNS_RCODE_FORMERR;
> > }
I've just captured one lookup (using "curl debian.netcologne.de").
You'll get the pcap separately; this is the text output:
# Without "single-request", both queries are made almost simultaneously
# and from the same UDP source port!
14:02:56.295863 IP james.intern.48045 > router.intern.domain: 20946+ A?
debian.netcologne.de. (38)
14:02:56.295894 IP james.intern.48045 > router.intern.domain: 24543+ AAAA?
debian.netcologne.de. (38)
14:02:56.296646 IP router.intern.domain > james.intern.48045: 20946* 2/0/0
CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:02:56.297064 IP router.intern.domain > james.intern.48045: 24543* 2/0/0
CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)
# With "single-request", both queries still use the same source ports
# but are sent in order.
14:03:05.103876 IP james.intern.34759 > router.intern.domain: 19419+ A?
debian.netcologne.de. (38)
14:03:05.104547 IP router.intern.domain > james.intern.34759: 19419* 2/0/0
CNAME mirror.netcologne.de., A 194.8.197.22 (75)
14:03:05.104671 IP james.intern.34759 > router.intern.domain: 37358+ AAAA?
debian.netcologne.de. (38)
14:03:05.105246 IP router.intern.domain > james.intern.34759: 37358* 2/0/0
CNAME mirror.netcologne.de., AAAA 2001:4dd0:1234:1::deb (87)
So apparently the difference is not exactly as I described it, but the
outcome is similar: the broken firewall appliance closes the UDP port after
receiving the first answer packet and drops the second one.
I wonder why it didn't send both requests simultaneously but from
different UDP source ports; shouldn't that be fast and safe?
best regards,
-christian-
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel