netsec-ethz / rains

RAINS (Another Internet Naming Service)
Apache License 2.0
9 stars 11 forks source link

Clients receive timeouts for queries that cannot be answered by resolvers #221

Open chaehni opened 5 years ago

chaehni commented 5 years ago

Queries which a resolver cannot answer cause the client to time out. An expected answer would be an error. Timeouts should only ever happen when a client cannot reach the resolver.

Example query: rdig --localAS 17-ffaa:1:XX @17-ffaa:0:1107,[192.33.93.195] node.snet. scionip4 -p 55553 --context . node is a subordinate zone of snet and not a host. Querying a scionip4 for a zone is not defined and the client times out.

FR4NK-W commented 5 years ago

@chaehni The issue is a bit different: The zone authority of node.snet. is not authoritative for the name node.snet., only for the *.node.snet. zone.

So the first issue is that the authoritative rains nameserver for the node.snet. zone does not detect that it is not authoritative for the name node.snet. And the second issue you are pointing out is that queries for records a nameserver is not authoritative for time out, but this seems to be ~by design: An authoritative server only answers queries about a zone it has authority over

@fehlmach Can you confirm that it is intentional for a nameserver to timeout for queries where it is not authoritative? Only the caching resolver should not time out.