Skip Menu |

This queue is for tickets about the Net-DNS CPAN distribution.

Report information
The Basics
Id: 125890
Status: resolved
Priority: 0/
Queue: Net-DNS
People
Owner: Nobody in particular
Requestors: green [...] strato.de
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.05
Fixed in: 1.16_01

History Show all quoted text
  Thu Jul 19 10:36:12 2018 green [...] strato.de - Ticket created
CC: "prov [...] strato-rz.de" <prov [...] strato-rz.de>
Subject: 1 record response series
Date: Thu, 19 Jul 2018 14:27:17 +0000
To: "bug-Net-DNS [...] rt.cpan.org" <bug-Net-DNS [...] rt.cpan.org>
From: "Green, Michael" <green [...] strato.de>
Hello, I am currently working with Net::DNS and have noticed some unexpected (for me) behaviour from an AXFR request when using PowerDNS. When I make a request to PowerDNS, Net::DNS reports only one SOA resource record back. I've had a look at what it's doing and it seems that PowerDNS is returning responding with the AXFR grouped into 3 response series (in my example). The first and the last only contain the SOA record and the middle series contains the bulk of the resource records. The Net::DNS::Resolver is interpreting this first response with only a SOA record as an end of response so failing to process the rest of it. A quick scan of what looks to be a relevant RFC says: An AXFR response that is transferring the zone's contents will consist of a series (which could be a series of length 1) of DNS messages. In such a series, the first message MUST begin with the SOA resource record of the zone, and the last message MUST conclude with the same SOA resource record. https://tools.ietf.org/html/rfc5936#section-2.2 That suggests to me that PowerDNS is making a valid response. If you think otherwise please let me know. I've included a patch to try and fix the issue, if you want it. Best regards, Michael Green

Message body is not shown because sender requested not to inline it.

  Thu Jul 19 12:28:43 2018 rwfranks [...] acm.org - Correspondence added
Subject: AXFR: 1 record per packet responses
Interesting. Before we start hacking code, need to establish the facts. Net::DNS version? There are two ways of using resolver->axfr(): my @zone = $resolver->axfr('net-dns.org'); or my $iterator = $resolver->axfr('net-dns.org'); my $soa = $iterator->(); while ( $iterator->() ) { ... } It would be helpful to know which. Could you set up a (small) test zone on a publicly accessible PowerDNS nameserver so that I may see what is going on. All the TSIG testing was done using BIND configured to emit single RRs. That was years ago, so it is possible that a breakage may have been introduced when the iterator stuff was added.
  Thu Jul 19 12:28:44 2018 The RT System itself - Status changed from 'new' to 'open'
  Thu Jul 19 20:32:55 2018 rwfranks [...] acm.org - Broken in 1.05 added
  Sat Jul 21 08:15:45 2018 green [...] strato.de - Correspondence added
CC: "prov [...] strato-rz.de" <prov [...] strato-rz.de>
Subject: Re: [rt.cpan.org #125890] AXFR: 1 record per packet responses
Date: Sat, 21 Jul 2018 12:15:28 +0000
To: "bug-Net-DNS [...] rt.cpan.org" <bug-Net-DNS [...] rt.cpan.org>
From: "Green, Michael" <green [...] strato.de>
Hi, The version of Net::DNS I'm testing on is 1.15. Yes both ways of accessing the axfr resource records are affected. The problem is that the iterator (which it also uses for the array context results under the hood) if returning an undef for the first set of resource records when it finds that there are no other resource records after the initial SOA record. So the following statement in your example code would end prematurely: while ( $iterator->() ) { Show quoted text
________________________________________ From: Dick Franks via RT <bug-Net-DNS@rt.cpan.org> Sent: 19 July 2018 18:28 To: Green, Michael Subject: [rt.cpan.org #125890] AXFR: 1 record per packet responses <URL: https://rt.cpan.org/Ticket/Display.html?id=125890 > Interesting. Before we start hacking code, need to establish the facts. Net::DNS version? There are two ways of using resolver->axfr(): my @zone = $resolver->axfr('net-dns.org'); or my $iterator = $resolver->axfr('net-dns.org'); my $soa = $iterator->(); while ( $iterator->() ) { ... } It would be helpful to know which. Could you set up a (small) test zone on a publicly accessible PowerDNS nameserver so that I may see what is going on. All the TSIG testing was done using BIND configured to emit single RRs. That was years ago, so it is possible that a breakage may have been introduced when the iterator stuff was added.
  Sat Jul 21 13:32:26 2018 rwfranks [...] acm.org - Correspondence added
On Sat Jul 21 08:15:45 2018, green@strato.de wrote: Show quoted text
> Hi, > > The version of Net::DNS I'm testing on is 1.15.
Good catch! The fault lies in the iterator itself and has existed since 1.05
  Sat Jul 21 13:32:27 2018 rwfranks [...] acm.org - Fixed in 1.16_01 added
  Mon Sep 03 06:10:26 2018 NLNETLABS [...] cpan.org - Correspondence added
Fixed in 1.17
  Mon Sep 03 06:10:27 2018 NLNETLABS [...] cpan.org - Status changed from 'open' to 'resolved'