mikepultz / netdns2

Native PHP DNS Resolver and Updater
https://netdns2.com/

1.5.3 returns 'The name server was unable to interpret the query.' when adding a new record #132

Closed zraly closed 1 year ago

zraly commented 1 year ago

Hi,

after upgrading to 1.5.3 (1.5.2 works fine), I always get 'The name server was unable to interpret the query.' error when trying to add a new record. Listing records works fine.

The log on the nameserver says 'message parsing failed: unexpected end of input'.

Any idea what is causing this? It must be something that changed in the last version, but I am not able to find the cause.

Thanks!

mikepultz commented 1 year ago

Hey @zraly - can you provide some example code of what you were doing? All my testing works fine.

zraly commented 1 year ago

@mikepultz Yes:

$u = new \Net_DNS2_Updater('domain.com', array('nameservers' => [ '1.2.3.4' ]));
$u->local_host = '1.2.3.4';
$u->add(\Net_DNS2_RR::fromString("test.domain.com 600 IN A 2.4.5.6"));
$u->signTSIG('hbb.key', 'xxx');
$u->update();

Here is the call stack (with slightly different values):

[Screenshot 2023-03-27 at 19 22 06]

binsky08 commented 1 year ago

It seems to be a problem with TSIG. I tried this with a test script using fake domains. Without the $u->signTSIG(...) call the package is valid. With the function call, that error appears:

image

The pcap dump is attached as a zip file (thanks to GitHub's file extension restriction xD): sha512tsig-broken.dump.zip

fancydos commented 1 year ago

Having the same issue after updating to 1.5.3. Were you able to find a fix @binsky08?

aszabonorbert commented 1 year ago

Same issue. The AXFR does not work; it stops with the same message. Any thoughts?

$r = new Net_DNS2_Resolver(array('nameservers' => array(my_ns_ip)));
$r->signTSIG('key', 'xxx', Net_DNS2_RR_TSIG::HMAC_SHA512);

try {
    $this->result = $r->query('my.domain.com', 'AXFR');
}
catch(Net_DNS2_Exception $e) {
    $this->error = '::query() failed: ' . $e->getMessage();

    return false;
}

aszabonorbert commented 1 year ago

The 1.5.3 release definitely has issues. I rolled back to 1.5.2, the error disappeared, and AXFR works as it should. In version 1.5.3, if I use TSIG authentication, the error occurs. In that case the rcode property in the response object is 1, if that helps to find the error.

fancydos commented 1 year ago

I think the issue is here:

https://github.com/mikepultz/netdns2/blob/dc8053772132a855b8bb6193422a959995f3a773/Net/DNS2/RR/TSIG.php#L308

https://github.com/mikepultz/netdns2/commit/dc8053772132a855b8bb6193422a959995f3a773#diff-30599afeb4ae0bf2c76dd53450d9a66533f2dfe3b3ad314dad2b31cf1e8f5690L229-L248

https://github.com/mikepultz/netdns2/commit/dc8053772132a855b8bb6193422a959995f3a773#diff-50018c28008d797b7dec6535f58736fc41dac169b9b1a16ab67437f1558ef170R35-R38

In the old Net_DNS2_Packet::pack() function it split the name of the record by the . character, pack()ed each sub-name, and then concatenated using \0 as a separator, returning the result. The new Net_DNS2_Names::pack() just packs the whole name all at once.

I don't understand enough about why it was changed from Net_DNS2_Packet::pack() to Net_DNS2_Names::pack() to know if it's safe to add that logic back without breaking something else -- @mikepultz can you shed some light here? Am I on the right track at least? Would be great to get this fixed.

Edit: I added that logic to line 308, but it didn't seem to make any difference. I gave up and downgraded to 1.5.2.
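
For reference alongside the comment above, an added example (not Net_DNS2 code and not written by any participant in this thread) of the RFC 1035 uncompressed name encoding, which is also how a TSIG record carries its key and algorithm names. The checker rejects a name field that runs past the end of the buffer, the kind of input a server can report as 'unexpected end of input' and answer with FORMERR (rcode 1). The function names packName and checkName are hypothetical; the sample name is the one used earlier in the thread.

```php
<?php
// Added example, not Net_DNS2 code. packName/checkName are hypothetical names.

/** Encode a domain name as uncompressed RFC 1035 wire format. */
function packName(string $name): string
{
    if ($name === '' || $name === '.') {
        return "\0";                          // the root name is a single zero octet
    }
    $wire = '';
    foreach (explode('.', rtrim($name, '.')) as $label) {
        $len = strlen($label);
        if ($len < 1 || $len > 63) {
            throw new InvalidArgumentException("bad label length: $len");
        }
        $wire .= chr($len) . $label;          // length octet, then the label bytes
    }
    $wire .= "\0";                            // zero-length root label ends the name
    if (strlen($wire) > 255) {
        throw new InvalidArgumentException('name exceeds 255 octets');
    }
    return $wire;
}

/**
 * Walk an uncompressed name starting at $offset.
 * Returns the offset just past the name, or null when the field is malformed.
 */
function checkName(string $buf, int $offset = 0): ?int
{
    $end = strlen($buf);
    while (true) {
        if ($offset >= $end) {
            return null;                      // ran out of bytes before the root label
        }
        $len = ord($buf[$offset++]);
        if ($len === 0) {
            return $offset;                   // root label reached, name is complete
        }
        if ($len > 63 || $offset + $len > $end) {
            return null;                      // not a plain label, or label overruns buffer
        }
        $offset += $len;
    }
}

$good = packName('test.domain.com');          // name from the thread's sample code
$bad  = 'test.domain.com';                    // constructed: dotted text sent as if it were wire format
printf("good: %s -> %s\n", bin2hex($good), var_export(checkName($good), true));
printf("bad:  %s -> %s\n", bin2hex($bad), var_export(checkName($bad), true));
```

Running checkName over the name fields of a captured update, such as the pcap attached earlier in the thread, shows whether the key name, algorithm name or record owner name is the field the server fails to parse.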

mikepultz commented 1 year ago

This issue should be resolved in v1.5.4 (just released).

Mike