Fredrik Pettai
2015-Oct-09 08:07 UTC
[nsd-users] NSD answer apparently depends on case-pattern of question
On 08 Oct 2015, at 17:00 , Niall O'Reilly <Niall.oReilly at ucd.ie> wrote:> Hi. > > Zonemaster is giving me the following error message: > > When asked for SOA records on "wWw.NO8.be" and "wwW.nO8.BE", nameserver ns1.no8.be/2001:770:13f::35:1 returns different answers. > > I believe that this is the only one (of three) authorities for > no8.be which is running NSD. I also believe that the answer should > depend only on zone data, and not be "modulated" by differences > between equivalent presentations of the question. > > I suspect a bug in NSD's code for building the answer. Perhaps it's > a known one already?It?s not a bug, it?s a feature :) btw. I thought this was taken care of in Zonemaster already: https://github.com/dotse/zonemaster/issues/372 /P
Niall O'Reilly
2015-Oct-09 12:14 UTC
[nsd-users] NSD answer apparently depends on case-pattern of question
On Fri, 09 Oct 2015 09:07:55 +0100, Fredrik Pettai wrote:> > It?s not a bug, it?s a feature :)I'm not convinced.> btw. I thought this was taken care of in Zonemaster already: > https://github.com/dotse/zonemaster/issues/372Maybe such a correction is working its way through to the production instances. I was getting the error message yesterday. If the Zonemaster Team are happy to be less strict about this, then so am I. It's their job to identify the appropriate level of pedantry (a term I'm not using pejoratively here); I'm just an amateur. med v?nliga h?lsningar, Niall
Niall O'Reilly
2015-Oct-09 23:10 UTC
[nsd-users] NSD answer apparently depends on case-pattern of question
On Fri, 09 Oct 2015 09:07:55 +0100, Fredrik Pettai wrote:> > It?s not a bug, it?s a feature :) > > btw. I thought this was taken care of in Zonemaster already: > https://github.com/dotse/zonemaster/issues/372Thanks for the reference, Fredrik. The problem I'm describing is related, but different. Issue 372 was resolved by implementation of 0x20 testing in Zonemaster. What is happening is that Zonemaster's 0x20 test is revealing behaviour by NSD which appears - to go beyond what is documented in http://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (the only version I could find); - not to be expected by Zonemaster's test; - not to match my reading of RFCs 1034, 1035, and 4343; - and not to match the default behaviour of BIND named (explained in the article from ISC's Knowledge Base which I mentioned in an earlier message). Specifically, what NSD seems to be doing is copying the 0x20 "modulation" (my term, adopted on-the-fly for convenience) from the query to the Question Section of the response (so far, so good: that's required) and then propagating, by the use of shared compression references, this modulation to the other sections of the response. Zonemaster is finding the modulation where it does not expect it, and is therefore reporting an error. Now, either Zonemaster is erroneously reporting correct (or at worst, acceptable) behaviour as an error and thus has a bug, or else NSD is behaving incorrectly and is the element which needs correction. My feeling is that the fault is with NSD, and that this should avoid using shared compression references between Question and other sections of the response for labels which differ between zone and query data simply because of 0x20 modulation. Best regards, Niall O'Reilly