Re: [s6-dns] is there a particular reason skadns_packet would return NULL errno ENETUNREACH?

From: Guillermo <gdiazhartusch_at_gmail.com>
Date: Mon, 10 Oct 2022 16:23:47 -0300

El lun, 10 oct 2022 a las 13:28, Laurent Bercot escribió:
>
> s6dns_engine filters answers that do not seem relevant to in-flight
> queries. That includes malformed answers or ones that do not follow
> RFC 1035.
> I was made aware (thanks, Ermine) that some caches fail to set the
> RD bit in their responses to queries containing the RD bit; these
> answers were ignored.

However, the OS would still deliver them to skadnsd in a recv() /
recvfrom() call, right? If my reading of the truss outputs is correct,
the HardenedBSD system isn't getting a response at all, and whatever
error happens with the program running on the OmniOS system, if any,
does not involve the network (I can't tell if skadnsd is delivering
all received answers to the client).

I feel that packet capture tools like tcpdump(1) or OmniOS' snoop(8)
would be better suited for answering the questions that have been
raised so far (malformed packets, ignored responses, lack of
responses, etc.). Also, aren't 18 outstanding queries in a short
amount of time from one single host, like, a lot? Couldn't Shaw's
caches think that they are being DoS'ed :P ?

G:
Received on Mon Oct 10 2022 - 21:23:47 CEST

This archive was generated by hypermail 2.4.0 : Mon Oct 10 2022 - 21:24:25 CEST