MichaCo / DnsClient.NET

DnsClient.NET is a simple yet very powerful and high performant open source library for the .NET Framework to do DNS lookups
https://dnsclient.michaco.net
Apache License 2.0

Exceptions in DnsClient.LookupClient.HandleDnsResponeParseException #193

Closed jol64 closed 8 months ago

jol64 commented 1 year ago

I am experiencing the following exceptions with version 1.7 running on .NET Framework 4.8:

```
Object reference not set to an instance of an object.
   at DnsClient.LookupClient.HandleDnsResponeParseException(DnsResponseParseException ex, DnsRequestMessage request, DnsMessageHandleType handleType, Boolean isLastServer)
   at DnsClient.LookupClient.ResolveQuery(IReadOnlyList1 servers, DnsQuerySettings settings, DnsMessageHandler handler, DnsRequestMessage request, LookupClientAudit audit)
   at DnsClient.LookupClient.QueryInternal(DnsQuestion question, DnsQuerySettings queryOptions, IReadOnlyCollection1 servers)
   at DnsClient.LookupClient.Query(DnsQuestion question)
   at DnsClient.LookupClient.Query(String query, QueryType queryType, QueryClass queryClass)
   at SmtpSecAnalyzer.MailExchangeAnalysis.DnsQuery[T](LookupClient lc, QueryType q, String name, MailDnsInfo parent)
```

I am getting this for a TXT and a TLSA record lookup where the queried records do not exist, and the zone is signed (supporting DNSSEC). Looking at the code, I suspect the response is too big to fit within a typical package (contains SOA, 3 NSEC3, 4 RRSIG).

In fact, when I provide something along LookupClientOptions (nameserveraddresses) {UseTcpOnly = true} I get a different exception:

```
invalid bitmap length, less than 2 bytes available.
   at DnsClient.Protocol.NSecRecord.d11.MoveNext()
   at System.Linq.Buffer1..ctor(IEnumerable1 source)
   at System.Linq.OrderedEnumerable`1.d1.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator2.MoveNext()
   at System.Linq.Buffer1..ctor(IEnumerable1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable1 source)
   at DnsClient.Protocol.NSec3Record..ctor(ResourceRecordInfo info, Byte hashAlgorithm, Byte flags, Int32 iterations, Byte[] salt, Byte[] nextOwnersName, Byte[] bitmap)
   at DnsClient.DnsRecordFactory.ResolveNSec3Record(ResourceRecordInfo info)
   at DnsClient.DnsRecordFactory.GetRecord(ResourceRecordInfo info)
   at DnsClient.DnsMessageHandler.GetResponseMessage(ArraySegment`1 responseData)
```

which doesn't help either.

As a workaround I am assuming a record does not exist when I encounter an exception, but I'd prefer a standard NX-Response.

jol64 commented 1 year ago

I have been investigating (one) parsing errors. Actually the record queried does exist, the NSEC3 is in the additional section and obviously does not have a type bitmap (none shown in WireShark). If I allow bitmap length 0 in NSec(3)Records, then this exception goes away. I don't know whether length 0 is ok, but the DNS server returning that response is Cloudflare 1.1.1.1.

MichaCo commented 1 year ago

Thanks for looking into it. Yeah, I think that makes sense to allow 0 here. I'll try to change that in the next update.
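The zero-length case discussed in this thread, as an added example that is not part of the issue and is not DnsClient.NET's code: a bounds-checked decoder for the NSEC/NSEC3 Type Bit Maps field in the window-block layout of RFC 4034 section 4.1.2, which returns an empty list for an empty field and still rejects truncated or malformed blocks. The names `TypeBitmapParser` and `Parse` are hypothetical, and the sample bytes are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example; TypeBitmapParser and Parse are hypothetical names, not DnsClient.NET API.
static class TypeBitmapParser
{
    // Field layout: repeated blocks of [window number][bitmap length 1..32][bitmap octets].
    public static List<int> Parse(byte[] data)
    {
        var types = new List<int>();
        int pos = 0, lastWindow = -1;

        // A zero-length field never enters the loop: the record simply lists no types.
        while (pos < data.Length)
        {
            if (data.Length - pos < 2)
                throw new FormatException("Truncated window block header.");
            int window = data[pos];
            int length = data[pos + 1];
            pos += 2;

            if (window <= lastWindow)
                throw new FormatException("Window blocks must be in increasing order.");
            if (length < 1 || length > 32)
                throw new FormatException("Bitmap length must be between 1 and 32.");
            if (data.Length - pos < length)
                throw new FormatException("Bitmap runs past the end of the field.");

            for (int i = 0; i < length; i++)
                for (int bit = 0; bit < 8; bit++)
                    // Bit 0 is the most significant bit of each octet.
                    if ((data[pos + i] & (0x80 >> bit)) != 0)
                        types.Add(window * 256 + i * 8 + bit);

            pos += length;
            lastWindow = window;
        }
        return types;
    }

    static void Main()
    {
        // Constructed samples: an empty field, then one window with A, MX, RRSIG, NSEC set.
        Console.WriteLine(Parse(new byte[0]).Count);
        var sample = new byte[] { 0x00, 0x06, 0x40, 0x01, 0x00, 0x00, 0x00, 0x03 };
        Console.WriteLine(string.Join(",", Parse(sample)));
        try { Parse(new byte[] { 0x00 }); }   // one stray octet is still malformed
        catch (FormatException ex) { Console.WriteLine(ex.Message); }
    }
}
```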