Automatic retry on FORMERR after dropping OPT record?


Craig Despeaux

Nov 21, 2014, 1:07:03 PM
to dns...@googlegroups.com
Alex,

First and foremost I want to thank you for all of your hard work and contributions to Dnsruby.  I rely heavily on Dnsruby for test purposes and you've made my job much easier.  

But... recently I found it impossible to use Dnsruby to test a situation where the DNS server was expected to return FORMERR when I send DNS queries with malformed EDNS client subnet info. It wasn't until I ran tcpdump and saw that Dnsruby was sending the request twice, the second time without the OPT record, that I figured out what was going on. Then after perusing the source code in your GitHub repo, I came across the comments in packet_sender.rb that document this behavior based on Section 5.3 of RFC2671.

Is it possible that this behavior could be changed to an "opt in" basis?  

Re-sending the request without the OPT record completely changes the result, which is obviously going to impact anyone that is looking to verify that they receive an actual FORMERR.  Maybe it would be possible to control this behavior by adding a new attribute somewhere?  

I have currently circumvented the problem by utilizing dig to execute the test, which is possible, because I have a proxy server running between it and the resolver to manipulate the packet in such a way to support each test case (I actually do the same when testing with Dnsruby).

Thanks,
Craig

alexd...@yahoo.co.uk

Nov 22, 2014, 3:05:54 AM
to dns...@googlegroups.com
Hi Craig - 


> First and foremost I want to thank you for all of your hard work and contributions to Dnsruby. I rely heavily on Dnsruby for test purposes and you've made my job much easier.

Thanks!

> But... recently I found it impossible to use Dnsruby to test a situation where the DNS server was expected to return FORMERR when I send DNS queries with malformed EDNS client subnet info. It wasn't until I ran tcpdump and saw that Dnsruby was sending the request twice, the second time without the OPT record, that I figured out what was going on. Then after perusing the source code in your GitHub repo, I came across the comments in packet_sender.rb that document this behavior based on Section 5.3 of RFC2671.
>
> Is it possible that this behavior could be changed to an "opt in" basis?

I had thought that this was already possible with dnsruby, but it appears that I was mistaken.

However, I have now modified support for the "send_raw" property of the Message to pass unmolested through the PacketSender system upon receipt. ISTM that this is the least surprising behaviour for the flag, and it fits your use case nicely.

Please let me know if you have any problems.

Thanks,


Alex.
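
Added example, not part of the thread and not Dnsruby's code: a self-contained Ruby model of the behaviour discussed above, showing how a retry without the OPT record replaces the server's FORMERR with the answer to a different query, and how making the retry opt-in keeps the original result visible. All function names, the stand-in server and the ECS payload are constructed for illustration.

```ruby
# Added illustration, not Dnsruby code; every name below is hypothetical.
NOERROR = 0
FORMERR = 1
# Constructed malformed ECS payload: FAMILY 0xFFFF, /24, scope 0, 3 address bytes.
BAD_ECS = [0xFFFF, 24, 0, 192, 0, 2].pack('nC5')

# Minimal A/IN query; optionally appends an EDNS0 OPT RR with one ECS option (code 8).
def build_query(name, ecs_payload: nil)
  qname = name.split('.').map { |l| [l.bytesize].pack('C') + l }.join + "\x00"
  msg = [0x1234, 0x0100, 1, 0, 0, ecs_payload ? 1 : 0].pack('n6') + qname + [1, 1].pack('n2')
  return msg unless ecs_payload
  rdata = [8, ecs_payload.bytesize].pack('n2') + ecs_payload
  # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = 0, RDLENGTH
  msg + "\x00" + [41, 4096, 0, rdata.bytesize].pack('nnNn') + rdata
end

# Offset just past the single question (12-byte header, labels, root, QTYPE, QCLASS).
def question_end(msg)
  i = 12
  i += 1 + msg.getbyte(i) while msg.getbyte(i) != 0
  i + 5
end

def arcount(msg)
  msg.byteslice(10, 2).unpack1('n')
end

# The query as it would be resent under the fallback: additional section dropped.
def strip_opt(msg)
  out = msg.byteslice(0, question_end(msg))
  out[10, 2] = [0].pack('n')
  out
end

# Stand-in for the server under test: FORMERR if the ECS FAMILY is not 1 or 2.
def fake_server(msg)
  return NOERROR if arcount(msg).zero?
  code, _len, family = msg.byteslice(question_end(msg) + 11, 6).unpack('n3')
  code == 8 && ![1, 2].include?(family) ? FORMERR : NOERROR
end

# Sender with the RFC 2671 section 5.3 fallback as an opt-in flag.
# Returns [final_rcode, packets_sent] so a test sees what went on the wire.
def send_query(msg, retry_without_opt: false)
  sent = [msg]
  rcode = fake_server(msg)
  if retry_without_opt && rcode == FORMERR && arcount(msg) > 0
    sent << strip_opt(msg)
    rcode = fake_server(sent.last)
  end
  [rcode, sent]
end
```

With the flag off the caller sees FORMERR and one packet sent; with it on, the same query yields NOERROR after two packets, which is the masking effect seen in the tcpdump capture described above.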