Curious things with MaraDNS

Sam Trenholme strenholme.usenet at gmail.com
Mon Aug 2 02:15:36 EDT 2010 

> since a few month I noticed DNS lookups for 'sv5.isp4p.net' results in
> SERVFAIL.

It gets a timeout in Deadwood 2.9.02.  This is because it’s one of the
very rare cases of having a packet that doesn’t fit in 512 bytes:

$ askmara Asv5.isp4p.net. 85.93.19.20
# Querying the server with the IP 85.93.19.20
# Remote server said: TRUNCATED
# Question: Asv5.isp4p.net.
sv5.isp4p.net. +3600 a 89.144.46.3
sv5.isp4p.net. +3600 a 89.144.16.3
sv5.isp4p.net. +3600 a 89.144.27.12
sv5.isp4p.net. +3600 a 85.93.17.13
sv5.isp4p.net. +3600 a 89.144.51.3
sv5.isp4p.net. +3600 a 85.93.4.54
sv5.isp4p.net. +3600 a 89.144.41.3
sv5.isp4p.net. +3600 a 89.144.30.12
sv5.isp4p.net. +3600 a 85.93.23.13
sv5.isp4p.net. +3600 a 89.144.37.12
sv5.isp4p.net. +3600 a 89.144.4.41
sv5.isp4p.net. +3600 a 89.144.38.12
sv5.isp4p.net. +3600 a 89.144.9.21
sv5.isp4p.net. +3600 a 85.93.13.14
sv5.isp4p.net. +3600 a 85.93.12.3
sv5.isp4p.net. +3600 a 85.93.25.13
sv5.isp4p.net. +3600 a 85.93.22.28
sv5.isp4p.net. +3600 a 85.93.13.13
sv5.isp4p.net. +3600 a 85.93.24.27
sv5.isp4p.net. +3600 a 85.93.23.27
sv5.isp4p.net. +3600 a 85.93.13.15
sv5.isp4p.net. +3600 a 85.93.17.15
sv5.isp4p.net. +3600 a 89.144.33.12
sv5.isp4p.net. +3600 a 85.93.27.3
sv5.isp4p.net. +3600 a 89.144.32.12
sv5.isp4p.net. +3600 a 85.93.25.14
sv5.isp4p.net. +3600 a 89.144.40.3
sv5.isp4p.net. +3600 a 89.144.45.3
sv5.isp4p.net. +3600 a 89.144.36.12
sv5.isp4p.net. +3600 a 85.93.25.27
# Hard Error: Error reading rr in AN section

I hope to have time in the next couple of days to update Deadwood to
handle truncated packets.  Right now, Deadwood *should* mark the
packet as being truncated, and allow DNS-over-TCP (without caching the
reply).  This works with upstream_servers but, it would seem, not with
root_servers (if it broke with upstream_servers, I would have noticed
during the SQA regressions)

- Sam

Note: I do not answer MaraDNS (including Deadwood) support requests
sent by private email without being compensated for my time. A MaraDNS
support request is any and all discussion you may wish to have about
MaraDNS in private email; if you want to email me to talk about
MaraDNS then, yes, that is a support request. I will discuss rates if
you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with
without charge and kept confidential. If you don't know what Bugtraq
is, then, no, your email is not a security report. It is not a
security report unless you've done due diligence to determine how the
security bug you think you found can reasonably be exploited.

More information about the list mailing list