Re: ares "feature": Ignores responses from unexpected sources
Date: Thu, 16 Oct 2003 23:27:12 +0200
On Thu, Oct 16, 2003 at 10:58:40AM -0700, Mark Pizzolato wrote:
> On Thursday, October 16, 2003 8:15 AM, Daniel Stenberg wrote:
> > On Wed, 8 Oct 2003, Henrik Storner wrote:
> > > I have a DNS server that accepts queries on one IP-address, but sends
> > > answers with a different source-IP. A network trace says (IP's and
> > > domain-names changed):
> > >
> > > 10.29.31.155 -> 10.29.37.21 DNS C dns01a.foo.com. Internet Addr ?
> > > 10.29.10.5 -> 10.29.31.155 DNS R dns01a.foo.com. Internet Addr 10.29.37.21
> > >
> > > Note that the request is sent to 10.29.37.21, but the answer
> > > originates from 10.29.10.5.
Just to finish this off, it turned out that the odd source-IP in the
response packet was the result of accessing the DNS server through a
load-balancer. So I really cannot blame the DNS server software for
doing weird stuff - it was an odd network setup that caused things to
happen that way.
But there is still the issue of how the various resolver libraries
handle the situation.
> Well, the behavior of ignoring responses from sources that weren't directly
> requested is viewed as a security advantage. It has existed as an option
> (RES_INSECURE1) for a long time in the libresolv code.
> I recall recently reading an RFC which describes ignoring such answers as
> the best current practice (certainly a SHOULD and maybe a MUST). I'll see
> if I can find the particular RFC.
Thanks for those pointers. The idea of sending a note to Bugtraq about
the behaviour of the standard libresolv - at least as found on my
Linux boxes - did cross my mind.
> Meanwhile there may be a bug in the ares resolver if it doesn't eventually
> time out.
Hopefully I'll get some time this coming weekend to see if I can hunt
down that bug, or come up with a simple testcase.
--
Henrik Storner <henrik_at_hswn.dk>
Received on 2003-10-16
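Added example, not code from Henrik's post, from c-ares or from libresolv: a small UDP DNS client in Python that applies the checks Mark describes before accepting a reply (source address, transaction ID, QR bit, question section) and that gives up at a deadline instead of waiting forever, which is the "eventually time out" behaviour questioned above. The `strict_source=False` switch stands in for what relaxing the source-address check (RES_INSECURE1 in libresolv) looks like. The addresses are the ones from the trace used as constructed stand-ins, the names `validate_reply`, `query_with_deadline` and `demo_rogue_reply` are mine, and the loopback demo simulates the load-balancer case with a second socket on a different port rather than a different IP.

```python
"""Strict acceptance of UDP DNS replies: source address, transaction ID and question
must all match, and the resolver gives up at a deadline instead of waiting forever."""
import socket
import struct
import time

# Constructed stand-ins for the addresses in the trace (not real hosts).
SERVER = ("10.29.37.21", 53)        # address the query was sent to
LOAD_BALANCER = ("10.29.10.5", 53)  # address the reply actually came from


def encode_name(qname: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels."""
    labels = [p.encode("ascii") for p in qname.rstrip(".").split(".") if p]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(qname: str, txid: int) -> bytes:
    """Minimal A/IN query with RD set and the given transaction ID."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_answer(query: bytes, ip: str) -> bytes:
    """Construct a reply to `query` with one A record (demo only; a rogue host could do the same)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR|RD|RA, NOERROR
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr


def parse_question(pkt: bytes):
    """Return (qname, qtype, qclass) of the first question, or None if malformed."""
    pos, labels = 12, []
    while True:
        if pos >= len(pkt):
            return None
        n, pos = pkt[pos], pos + 1
        if n == 0:
            break
        if n & 0xC0:  # a compression pointer never belongs in a name we sent ourselves
            return None
        labels.append(pkt[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(pkt):
        return None
    qtype, qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def validate_reply(query, sent_to, reply, received_from, strict_source=True):
    """Return (accepted, reason). strict_source=False skips the source check, as RES_INSECURE1 does."""
    if strict_source and received_from != sent_to:
        return False, f"reply from {received_from}, query was sent to {sent_to}"
    if len(reply) < 12:
        return False, "truncated header"
    if reply[:2] != query[:2]:
        return False, "transaction id mismatch"
    flags, qdcount = struct.unpack("!HH", reply[2:6])
    if not flags & 0x8000:
        return False, "QR bit clear, not a response"
    if qdcount != 1 or parse_question(reply) != parse_question(query):
        return False, "question section does not match the query"
    return True, "ok"


def query_with_deadline(sock, query, server, deadline_s=2.0, strict_source=True):
    """Send once, then keep reading until a reply passes validate_reply or the deadline
    passes. Rejected packets do not reset the clock; None means 'timed out'."""
    sock.sendto(query, server)
    deadline = time.monotonic() + deadline_s
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None
        sock.settimeout(remaining)
        try:
            data, peer = sock.recvfrom(4096)
        except socket.timeout:
            return None
        if validate_reply(query, server, data, peer, strict_source)[0]:
            return data


def demo_rogue_reply(strict_source=True, deadline_s=0.3):
    """Loopback demo: the 'server' port never answers; a rogue socket on another port
    does. Returns (reply_or_None, seconds_elapsed)."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    client, server, rogue = socks
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))
        q = build_query("dns01a.foo.com.", 0x1234)
        # In this demo the rogue host already knows the client port and transaction ID.
        rogue.sendto(build_answer(q, "10.29.37.21"), client.getsockname())
        start = time.monotonic()
        reply = query_with_deadline(client, q, server.getsockname(), deadline_s, strict_source)
        return reply, time.monotonic() - start
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    q = build_query("dns01a.foo.com.", 0x1234)
    print(validate_reply(q, SERVER, build_answer(q, "10.29.37.21"), LOAD_BALANCER))
    print("strict:", demo_rogue_reply(True)[0], "insecure:", demo_rogue_reply(False)[0] is not None)
```

Two caveats a practitioner will want. First, the source-address check only protects against replies that honestly carry a different source; a forger who spoofs the server's address and guesses the transaction ID and client port passes it, so it complements rather than replaces ID and port randomisation. Second, in the load-balancer setup above a strict resolver does exactly what `demo_rogue_reply(True)` shows: it discards the genuine answer and times out, so the fix belongs on the network side (have the balancer rewrite the reply's source to the advertised address), not in loosening the resolver.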