Bug #29531 for Net-DNS: Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver

Fri Sep 21 00:44:21 2007 JMEHNLE [...] cpan.org - Ticket created

Subject:

Net::DNS 0.60 make_query_packet() IP address detection seriously broken

The IP address detection logic (for PTR query magic) in Net::DNS::Resolver::Base::make_query_packet() is seriously broken as of Net::DNS 0.60. Observe: http://spf.pastebin.com/f72f8bc86 The documentation for Net::DNS::Resolver::send() specifies: | The argument list can be either a Net::DNS::Packet object or a list | of strings. The record type and class can be omitted; they default to | A and IN. If the name looks like an IP address (Ipv4 or IPv6), then | an appropriate PTR query will be performed. However, "foo:bar/baz.example.com" does NOT look like an IP address! Please fix this ASAP!

Fri Sep 21 09:06:37 2007 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

On Fri Sep 21 00:44:21 2007, JMEHNLE wrote: Show quoted text

> The IP address detection logic (for PTR query magic) in > Net::DNS::Resolver::Base::make_query_packet() is seriously broken as of > Net::DNS 0.60. > > Observe: http://spf.pastebin.com/f72f8bc86 > > The documentation for Net::DNS::Resolver::send() specifies: > > | The argument list can be either a Net::DNS::Packet object or a list > | of strings. The record type and class can be omitted; they default to > | A and IN. If the name looks like an IP address (Ipv4 or IPv6), then > | an appropriate PTR query will be performed. > > However, "foo:bar/baz.example.com" does NOT look like an IP address! > > Please fix this ASAP!

Neither does it look like a legitimate domain name! Net::DNS is a resolver package and leaves the responsibility for policing name/address syntax with the calling program. Having said that, it may be possible to improve the regexes in question.pm. Will look at it again.

Fri Sep 21 09:06:46 2007 The RT System itself - Status changed from 'new' to 'open'

Fri Sep 21 21:19:13 2007 JMEHNLE [...] cpan.org - Correspondence added

On Fri Sep 21 09:06:37 2007, rwfranks@acm.org wrote: Show quoted text

> On Fri Sep 21 00:44:21 2007, JMEHNLE wrote:

> > However, "foo:bar/baz.example.com" does NOT look like an IP address!

> > Neither does it look like a legitimate domain name!

Sure it does. It may not be a legitimate _host_ name, but _domain_ names can be made up of almost anything. Show quoted text

> Net::DNS is a resolver package and leaves the responsibility for > policing name/address syntax with the calling program.

I wish it would. :-) The IP-address-pattern/PTR automagic is a bit much for me, especially as it's not working correctly now and cannot be circumvented easily. Show quoted text

> Having said that, it may be possible to improve the regexes in > question.pm. Will look at it again.

Thanks!

Thu Sep 27 03:56:19 2007 olaf [...] dacht.net - Correspondence added

CC:	bug-Net-DNS [...] rt.cpan.org
Subject:	[rt.cpan.org #29531]
Date:	Thu, 27 Sep 2007 09:50:56 +0200
To:	Dick Franks <rwfranks [...] acm.org>
From:	"Olaf M. Kolkman" <olaf [...] dacht.net>

Dick, (CC-ing the ticketing system, in order to Thanks for the patch. During review I added one comment (Since you rearranged a bit of code so that the $prefix variable was not needed I did document the meaning of $5 and @expnd << in a few lines of comments. That in order to not have to spend to many brain cycles next time I read the code :-) ) Mehnle wrote: Show quoted text

> I wish it would. :-) The IP-address-pattern/PTR automagic is a bit > much for me, especially as it's not working correctly now and > cannot be > circumvented easily.

I sympathize with that. And although I do not expect any TLD with exclusively numerals I think we should allow a 'back-door'. Modifications would be: - In Resolver PM provide an argument to not map IPs into reverse DNS names. - In the Question->new() provide ad an (optional) argument hash with one argument that controls the calling of dns_addr. Alternatively, you do not call the reverse mapping code whenever the QTYPE and QCLASS are defined in Question->new() and QTYPE ne PTR. That may break a few implementations but allows folk to circumvent the reverse mapping in an easy way. thoughts? --Olaf On 27Sep 2007, at 5:11 AM, Dick Franks wrote: Show quoted text

> Olaf, > > Went for (1) pragmatism. Rejected (2) potentially troublesome, (3) too > complicated. > > new() now rejects anything containing non-address characters which > makes it much more robust. > > Please find attached source to insert on trunk. > > Fix rt.cpan.org #29531 > IPv6 address recognition broken in Question->new(). > > Regards > --Dick > > > On 21/09/2007, Dick Franks <rwfranks@acm.org> wrote:

>> Olaf, >> >> Non-essential because well designed scripts perform some checking of >> data from unreliable sources (like humans). Even if they did not, the >> end result is a failed lookup, so makes little difference. >> >> I guess there are three possible ways to go: >> >> 1) Sharpen up regex to reduce incidence of problem described (hex >> digits, 2 :s for example), but otherwise leave things as they are >> now. >> >> 2) Throw a warning or die in Question->new() for bad input (which we >> would need extra regex to detect). >> >> 3) Proper exception handling, so that the packet containing the bad >> string would never have been created. >> >> >> Will consider and report back >> >> Dick >> >> >> >> >> >> On 21/09/2007, Olaf M. Kolkman <olaf@dacht.net> wrote:

>>> >>> On 21Sep 2007, at 2:49 PM, Dick Franks wrote: >>>

>>>> Although I do not really think it essential, I will revisit >>>> question.pm to see if regex can be improved to reject grotesquely >>>> malformed argument strings.

>>> >>> >>> For security reasons or other reasons? >>> >>> --Olaf >>> >>> >>> ------------------------------------------------------ >>> Ik dacht net... heel even maar. >>> >>> >>> >>> >>>

>> >> <NetDNS-mods.tar>

------------------------------------------------------ Ik dacht net... heel even maar.

Download PGP.sig
application/pgp-signature 227b

Message body not shown because it is not plain text.

Mon Oct 01 20:22:17 2007 rwfranks [...] acm.org - Correspondence added

CC:	bug-Net-DNS [...] rt.cpan.org
Subject:	Re: [rt.cpan.org #29531]
Date:	Tue, 2 Oct 2007 01:21:44 +0100
To:	"Olaf M. Kolkman" <olaf [...] dacht.net>
From:	"Dick Franks" <rwfranks [...] acm.org>

Olaf, Something went wrong at your end. Question.pm on trunk seems to be from 0.60, not the new one I sent you. :-( Show quoted text

> Mehnle wrote:

> > I wish it would. :-) The IP-address-pattern/PTR automagic is a bit > > much for me, especially as it's not working correctly now and > > cannot be > > circumvented easily.

> > I sympathize with that. And although I do not expect any TLD with > exclusively numerals I think we should allow a 'back-door'. >... > thoughts?

Mehnle may have philosophical objections to IP address magic, but this is a long-standing feature of Net::DNS and removing it would cause much wailing and gnashing of teeth. The complaint was that it does not work correctly. My sympathy does not extend to adding back-doors and tricky logic unless absolutely necessary. This will become a live issue if some ambiguous case exists which simultaneously satisfies the relevant RFCs for both addresses and domains. Revised code attached. --DIck

Download RT29531.tar
application/x-tar 10k

Message body not shown because it is not plain text.

Wed Oct 10 00:44:16 2007 ask [...] develooper.com - Ticket #29884: Ticket created

Subject:

Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver

See also RT#29531. I got some crazy requests to my Net::DNS::Nameserver based nameserver, and it was tracked down to the completely inappropriate logic that "guesses" that the user really meant something else than specified. I get DNS requests for 'http://europe.pool.ntp.org' which while goofy is a valid DNS request. Net::DNS::Question "translates" that into a PTR request for 0.0.0.0.p.t.t.h.ip6.arpa. More details at: http://lists.oarci.net/pipermail/dns-operations/2007-October/002065.html http://lists.oarci.net/pipermail/dns-operations/2007-October/002066.html Please deprecate this feature with a warning for the next months and then disable it. Another option would be to move that logic from Net::DNS::Question into Net::DNS::Resolver (::Base) where it seems more appropriate. It shouldn't be in the lower-level "create a packet" type layers. - ask

Wed Oct 10 01:04:30 2007 ask [...] develooper.com - Ticket #29884: Correspondence added

Subject:	Re: [rt.cpan.org #29884] AutoReply: Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver
Date:	Tue, 9 Oct 2007 22:03:57 -0700
To:	bug-Net-DNS [...] rt.cpan.org
From:	Ask Bjørn Hansen <ask [...] develooper.com>

Attached is a patch that moves the logic from Question.pm to Resolver/ Base.pm I didn't re-do all the 03-question.t tests; but I did make sure the other tests exercising this feature still pass. Attached here and inline below for easier review.

Message body is not shown because sender requested not to inline it.

From 43cccf4dcce6e239f5133004c05afa46b2429562 Mon Sep 17 00:00:00 2001 From: Ask Bjoern Hansen <ask@develooper.com> Date: Tue, 9 Oct 2007 21:40:01 -0700 Subject: [PATCH] move the "make PTR request if it looks like an IP address" logic to Net::DNS::Resolver::Base from Net::DNS::Question (basically keep the lower-level code cleaner) --- lib/Net/DNS/Question.pm | 39 ++ +------------------------------------ lib/Net/DNS/Resolver/Base.pm | 36 +++++++++++++++++++++++++++++++++++- t/03-question.t | 36 +++++++++++++++++------------------- 3 files changed, 55 insertions(+), 56 deletions(-) diff --git a/lib/Net/DNS/Question.pm b/lib/Net/DNS/Question.pm index 290af08..186cd60 100644 --- a/lib/Net/DNS/Question.pm +++ b/lib/Net/DNS/Question.pm @@ -44,8 +44,9 @@ queries in in-addr.arpa and ip6.arpa subdomains. sub new { my $class = shift; - my $qname = defined ($_ = shift) ? $_ : ''; - my $qtype = uc shift || 'A'; + my $qname = shift; + $qname = '' unless defined $qname; + my $qtype = uc shift || 'A'; my $qclass = uc shift || 'IN'; $qname =~ s/\.+$//o; # strip gratuitous trailing dot @@ -56,12 +57,6 @@ sub new { if exists $Net::DNS::classesbyname{$qtype} and exists $Net::DNS::typesbyname{$qclass}; - # if argument is an IP address, do appropriate reverse lookup - if ( $qname =~ m/\d$|[:\/]/o ) { - my $type = $qtype =~ m/^(A|AAAA)$/o ? 'PTR' : $qtype; - ($qname, $qtype) = ($_, $type) if $_ = dns_addr($qname); - } - my $self = { qname => $qname, qtype => $qtype, qclass => $qclass @@ -71,34 +66,6 @@ sub new { } -sub dns_addr { - my $arg = shift; # name or IP address - - # If arg looks like IP4 address then map to in-addr.arpa space - if ( $arg =~ /((^|\d+\.)+\d+)($|\/(\d*))/o ) { - my @parse = split /\./, $1; - my $last = ($_ = ($4 || @parse<<3)) > 24 ? 3 : ($_-1)>>3; - return join '.', reverse( (@parse,(0)x3)[0 .. $last] ), 'in- addr.arpa'; - } - - # If arg looks like IP6 address then map to ip6.arpa space - if ( $arg =~ /^((\w*:)+)(\w*)($|\/(\d*))/o ) { - my @parse = split /:/, (reverse "0${1}0${3}"), 9; - my @xpand = map{/^$/ ? ('0')x(9-@parse) : $_} @parse; - my $hex = pack 'A4'x8, map{$_.'000'} ('0')x(8-@xpand), @xpand; - - # $5 is the bit in the argument that maps to the prefix length - # When not available then the number of elements in the expand - # array reflectst the prefix length (hex to bit conversion) - my $len = ($_ = ($5 || @xpand<<4)) > 124 ? 32 : ($_+3)>>2; - return join '.', split(//, substr($hex,-$len) ), 'ip6.arpa'; - } - - return undef; -} - - - # # Some people have reported that Net::DNS dies because AUTOLOAD picks up diff --git a/lib/Net/DNS/Resolver/Base.pm b/lib/Net/DNS/Resolver/Base.pm index d995d87..47148c8 100644 --- a/lib/Net/DNS/Resolver/Base.pm +++ b/lib/Net/DNS/Resolver/Base.pm @@ -1054,7 +1054,14 @@ sub make_query_packet { if (ref($_[0]) and $_[0]->isa('Net::DNS::Packet')) { $packet = shift; } else { - $packet = Net::DNS::Packet->new(@_); + my ($qname, $qtype) = (shift , shift); + $qtype ||= 'A'; + # if argument is an IP address, do appropriate reverse lookup + if ( $qname =~ m/\d$|[:\/]/o ) { + my $type = $qtype =~ m/^(A|AAAA)$/o ? 'PTR' : $qtype; + ($qname, $qtype) = ($_, $type) if $_ = dns_addr ($qname); + } + $packet = Net::DNS::Packet->new($qname, $qtype, @_); } if ($packet->header->opcode eq 'QUERY') { @@ -1100,6 +1107,33 @@ sub make_query_packet { return $packet; } +sub dns_addr { + my $arg = shift; # name or IP address + + # If arg looks like IP4 address then map to in-addr.arpa space + if ( $arg =~ /((^|\d+\.)+\d+)($|\/(\d*))/o ) { + my @parse = split /\./, $1; + my $last = ($_ = ($4 || @parse<<3)) > 24 ? 3 : ($_-1)>>3; + return join '.', reverse( (@parse,(0)x3)[0 .. $last] ), 'in- addr.arpa'; + } + + # If arg looks like IP6 address then map to ip6.arpa space + if ( $arg =~ /^((\w*:)+)(\w*)($|\/(\d*))/o ) { + my @parse = split /:/, (reverse "0${1}0${3}"), 9; + my @xpand = map{/^$/ ? ('0')x(9-@parse) : $_} @parse; + my $hex = pack 'A4'x8, map{$_.'000'} ('0')x(8-@xpand), @xpand; + + # $5 is the bit in the argument that maps to the prefix length + # When not available then the number of elements in the expand + # array reflectst the prefix length (hex to bit conversion) + my $len = ($_ = ($5 || @xpand<<4)) > 124 ? 32 : ($_+3)>>2; + return join '.', split(//, substr($hex,-$len) ), 'ip6.arpa'; + } + + return undef; +} + + sub axfr { my $self = shift; my @zone; diff --git a/t/03-question.t b/t/03-question.t index 01ad78f..bc5376f 100644 --- a/t/03-question.t +++ b/t/03-question.t @@ -1,6 +1,6 @@ # $Id$ -*-perl-*- -use Test::More tests => 31; +use Test::More tests => 14; use strict; BEGIN { use_ok('Net::DNS'); } @@ -39,16 +39,15 @@ is($q->qclass, 'CH', 'qclass()' ); -my $q2= Net::DNS::Question->new("::1","IN","A"); -is ($q2->qname, '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arp a','v6: qname()'); -is($q2->qtype, 'PTR', 'v6: qtype()' ); -is($q2->qclass, 'IN', 'v6: qclass()' ); +#my $q2= Net::DNS::Question->new("::1","IN","A"); +#is ($q2->qname, '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arp a','v6: qname()'); +#is($q2->qtype, 'PTR', 'v6: qtype()' ); +#is($q2->qclass, 'IN', 'v6: qclass()' ); - -my $q3= Net::DNS::Question->new("192.168.1.16","IN","A"); -is($q3->qname, '16.1.168.192.in-addr.arpa','v4: qname()'); -is($q3->qtype, 'PTR', 'v4: qtype()' ); -is($q3->qclass, 'IN', 'v4: qclass()' ); +#my $q3= Net::DNS::Question->new("192.168.1.16","IN","A"); +#is($q3->qname, '16.1.168.192.in-addr.arpa','v4: qname()'); +#is($q3->qtype, 'PTR', 'v4: qtype()' ); +#is($q3->qclass, 'IN', 'v4: qclass()' ); @@ -64,12 +63,12 @@ my @prefixes=qw ( 2001:0DB8:0:CD30:123:4567:89AB:CDEF/60 ); -foreach my $prefix (@prefixes ){ - my $q5= Net::DNS::Question->new($prefix,"IN","A"); - is($q5->qname, '3.D.C.0.0.0.0.8.B.D.0.1.0.0.2.ip6.arpa','v6: prefix notation for '. $prefix); - is($q5->qtype, 'PTR', 'v6: PTR for ' . $prefix ); - -} +#foreach my $prefix (@prefixes ){ +# my $q5= Net::DNS::Question->new($prefix,"IN","A"); +# is($q5->qname, '3.D.C.0.0.0.0.8.B.D.0.1.0.0.2.ip6.arpa','v6: prefix notation for '. $prefix); +# is($q5->qtype, 'PTR', 'v6: PTR for ' . $prefix ); +# +#} my $q6= Net::DNS::Question->new($prefixes[1],"IN","NS"); @@ -83,7 +82,6 @@ is($q7->qtype, 'SOA', 'v6: SOA done correctly' ); my $q8= Net::DNS::Question->new("::1.de","IN","A"); is ($q8->qname, '::1.de',"No expantion under TLD "); -my $q9= Net::DNS::Question->new('0'); - -is ($q9->qname, "0.in-addr.arpa","Zero gets treated as IP address"); +#my $q9= Net::DNS::Question->new('0'); +#is ($q9->qname, "0.in-addr.arpa","Zero gets treated as IP address"); -- 1.5.3.2

Wed Oct 10 08:27:25 2007 OLAF [...] cpan.org - Ticket #29884: Merged into ticket #29531

Wed Oct 10 08:27:27 2007 OLAF [...] cpan.org - Merged into ticket #29531

Wed Oct 10 08:27:33 2007 OLAF [...] cpan.org - Ticket #29884: Merged into ticket #29531

Wed Oct 10 08:27:34 2007 OLAF [...] cpan.org - Merged into ticket #29531

Wed Oct 10 08:27:35 2007 OLAF [...] cpan.org - Subject changed from 'Net::DNS 0.60 make_query_packet() IP address detection seriously broken' to 'Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver'

Wed Oct 10 08:28:12 2007 OLAF [...] cpan.org - Subject changed from 'Net::DNS 0.60 make_query_packet() IP address detection seriously broken' to 'Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver'

Wed Oct 10 08:33:20 2007 OLAF [...] cpan.org - Correspondence added

fixed on trunk as of revision 683

Wed Oct 10 08:33:48 2007 OLAF [...] cpan.org - Status changed from 'open' to 'resolved'

Thu Oct 11 02:42:33 2007 ask [...] develooper.com - Correspondence added

CC:	JMEHNLE [...] cpan.org
Subject:	Re: [rt.cpan.org #29531] Fancy "you probably meant a PTR request instead" logic breaks Net::DNS::Nameserver
Date:	Wed, 10 Oct 2007 23:42:02 -0700
To:	bug-Net-DNS [...] rt.cpan.org
From:	Ask Bjørn Hansen <ask [...] develooper.com>

On Oct 10, 2007, at 5:33 AM, Olaf Kolkman via RT wrote: Show quoted text

> fixed on trunk as of revision 683

Thanks! I still disagree that this logic is in a code path used by Net::DNS::Nameserver, but at least the immediate issue is fixed. It's good for a resolver, but not for a "generic" DNS framework. - ask -- http://develooper.com/ - http://askask.com/

Thu Oct 11 02:42:35 2007 The RT System itself - Status changed from 'resolved' to 'open'

Fri Dec 28 07:48:41 2007 OLAF [...] cpan.org - Correspondence added

Forthcoming 0.62 release contains a set of patches supplied by Dick Franks that rearange the relevant logic quite a bit. Closing the ticket. 0.62 is forthcoming

Fri Dec 28 07:48:43 2007 OLAF [...] cpan.org - Status changed from 'open' to 'resolved'