nanog mailing list archives
Re: DNS contamination
From: dvv () sprint net (Dima Volodin)
Date: Thu, 23 Jan 1997 19:37:46 -0500 (EST)
Paul A Vixie writes:
Ignoring additional records works pretty well for me.This is harder than it looks. Sometimes the glue A RRs are the only ones you can get -- you need them in order to ask questions in the domain they are in, so without them you have infinite regress.
As I said, it works fine for me. When no A record for a nameserver is available, named just issues a proper request for it to whatever server might now about it. Here's the patch: *** named/ns_resp.c.old Mon Nov 11 01:36:51 1996 --- named/ns_resp.c Thu Jan 23 19:01:30 1997 *************** *** 272,278 **** qdcount = ntohs(hp->qdcount); ancount = ntohs(hp->ancount); aucount = ntohs(hp->nscount); /* !!! */ ! arcount = ntohs(hp->arcount); free_addinfo(); /* sets addcount to zero */ cp = msg + HFIXEDSZ; dpp = dnptrs; --- 272,281 ---- qdcount = ntohs(hp->qdcount); ancount = ntohs(hp->ancount); aucount = ntohs(hp->nscount); /* !!! */ ! if (qp->q_flags & Q_PRIMING) ! arcount = ntohs(hp->arcount); ! else ! arcount = 0; free_addinfo(); /* sets addcount to zero */ cp = msg + HFIXEDSZ; dpp = dnptrs; It's a darn dirty kluge, but it works. The correct way to do that is to make sure that the responding server is in the hierarchy chain of an additional record, and ignore the record, if it's not. Note the Reply-To header. Dima - - - - - - - - - - - - - - - - -
Current thread:
- DNS contamination Dima Volodin (Jan 23)
- Re: DNS contamination Paul A Vixie (Jan 23)
- Re: DNS contamination Dima Volodin (Jan 23)
- Re: DNS contamination Paul A Vixie (Jan 23)
- Re: DNS contamination Ed Morin (Jan 23)
- Re: DNS contamination Dima Volodin (Jan 23)
- Re: DNS contamination Paul A Vixie (Jan 23)
- Re: DNS contamination Alex.Bligh (Jan 24)
- Re: DNS contamination Dima Volodin (Jan 23)
- Re: DNS contamination Paul A Vixie (Jan 23)
- Re: DNS contamination Dima Volodin (Jan 23)
- Re: DNS contamination Marc Slemko (Jan 23)
- <Possible follow-ups>
- Re: DNS contamination Dima Volodin (Jan 24)
- Re: DNS contamination Paul A Vixie (Jan 24)