Revertron / Alfis

Alternative Free Identity System
https://alfis.name
GNU Affero General Public License v3.0

Got bad packet: extra input data #339

Open ufm opened 1 year ago

ufm commented 1 year ago
dig @221:d0d6:8:93c1:40ca:56ef:6b2e:da7a  -t cname _acme-challenge.cc.ygg
;; Got bad packet: extra input data
108 bytes
fe c8 81 80 00 01 00 01 00 00 00 00 0f 5f 61 63          ............._ac
6d 65 2d 63 68 61 6c 6c 65 6e 67 65 02 63 63 03          me-challenge.cc.
79 67 67 00 00 05 00 01 c0 0c 00 05 00 01 00 00          ygg.............
0e 10 00 38 24 31 65 38 37 62 66 30 33 2d 39 32          ...8$1e87bf03-92
37 35 2d 34 34 38 61 2d 39 64 31 34 2d 65 36 62          75-448a-9d14-e6b
64 62 30 61 31 34 32 65 64 04 61 75 74 68 08 61          db0a142ed.auth.a
63 6d 65 2d 64 6e 73 02 69 6f 00 00                      cme-dns.io..
Revertron commented 1 day ago

CNAME contains domain with leading dot. We don't support such records. We can try to think about additional validation of domains though...

ufm commented 1 day ago

Additional validation during input, returning SERVFAIL, separate rules for CNAME input—anything is better than a malformed packet that neither dig nor host can parse.
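
An added example, not part of the issue thread and not Alfis code: a Python check that parses the 108-byte response from the report and compares each CNAME's RDLENGTH with the bytes its encoded name actually occupies. For this packet that is 56 declared against 55 used, leaving one trailing byte inside the RDATA. `encode_name` is a hypothetical input-side validator that rejects any empty label, a single trailing dot included, which is a stricter policy than DNS presentation format requires.

```python
import struct
# Hex column of the 108-byte dump in the issue, copied unchanged.
PACKET = bytes.fromhex("""
fe c8 81 80 00 01 00 01 00 00 00 00 0f 5f 61 63
6d 65 2d 63 68 61 6c 6c 65 6e 67 65 02 63 63 03
79 67 67 00 00 05 00 01 c0 0c 00 05 00 01 00 00
0e 10 00 38 24 31 65 38 37 62 66 30 33 2d 39 32
37 35 2d 34 34 38 61 2d 39 64 31 34 2d 65 36 62
64 62 30 61 31 34 32 65 64 04 61 75 74 68 08 61
63 6d 65 2d 64 6e 73 02 69 6f 00 00
""")

def read_name(msg, off):
    """Decode the name at off; return (dotted name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                      # bound the walk against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer: jump, remember return
            end = end if end is not None else off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels), end if end is not None else off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def audit_cnames(msg):
    """For each answer CNAME return (owner, target, rdlength, bytes the target uses)."""
    qd, an = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4      # skip QNAME, QTYPE, QCLASS
    out = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 5:                        # CNAME: RDATA must be exactly one name
            target, end = read_name(msg, off)
            out.append((owner, target, rdlen, end - off))
        off += rdlen
    return out

def encode_name(text):
    """Hypothetical input-side check: refuse empty or oversized labels before encoding."""
    labels = text.split(".")
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError(f"empty or oversized label in {text!r}")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
```

A record is well formed only when the last two values of each tuple are equal; a server-side test can run `audit_cnames` over its own serialized responses before they leave the resolver.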