Open pspacek opened 3 years ago
Github does not like my ZIP with PCAP, logs and config, so drop me a message if you need them.
Easy reproduction:
dig txt 1400.v4.big.7bits.nl
->
Oct 21 15:28:12 [3] 1400.v4.big.7bits.nl: Got 0 answers from ns.v4.big.7bits.nl (37.139.13.17), rcode=1 (Form Error), aa=0, in 4ms
This is the spot where the rcode is overwritten and no longer corresponds to the rcode in the header received:
in lwres.cc
:
catch(std::exception &mde) {
if(::arg().mustDo("log-common-errors"))
g_log<<Logger::Notice<<"Unable to parse packet from remote server "<<ip.toString()<<": "<<mde.what()<<endl;
lwr->d_rcode = RCode::FormErr;
We also ran into this issue, where the rcode gets overwritten to FORMERR - however with a bigger impact of the recursor disabling EDNS for the downstream NS due to how it handles FORMERR:
So we ended up with EDNS being disabled for the entire forwarding zone due to just a couple records giving back oversized UDP responses. Though maybe that is expected behavior.
The interaction between 'FORMERR disables EDNS0' and 'oversized responses are handled as FORMERR internally' was certainly not expected or intended! However, the expected behaviour would not help you - it would be 'try every auth in case one does not send garbage', and if all auths send oversized responses (garbage), the end result for your client would still be SERVFAIL. If it happened enough, we might even note the auth as broken for a while, again breaking all domains.
So, please do fix auths sending oversized responses. Do you know what software did that?
@Habbie ah, that definitely makes sense on how the expected behavior would break things - we're working on figuring out why the auth is sending those oversized results. Thanks!
Short description
Oversized UDP responses are logged as "Form Error" which is very confusing when actual packet on the wire is NoError.
Environment
Steps to reproduce
edns-outgoing-bufsize
to a small sizeExpected behaviour
Log message stating that response was oversized.
Actual behaviour
Actual log message about an oversized UDP answer:
Github does not like my ZIP with PCAP, logs and config, so drop me a message if you need them.