[MaraDNS list] TCP

Nicholas Bamber nicholas at periapt.co.uk
Tue Nov 29 17:25:49 EST 2011


Sam,
	I've got to the bottom of this (after dusting off gdb). The behaviour
seems to have changed slightly since I raised the issue and now the only
issue is this behaviour

? dig williams.periapt. @127.0.0.3 +tcp
;; communications error to 127.0.0.3#53: end of file


I have found that this is because the zoneserver was not permissioned to
pass on TCP requests. As soon as I set the "tcp_convert_server" and
"tcp_convert_acl" parameters it worked normally. I have no issues with
the documentation. The way Debian handles maradns config needs a
complete reworking and as part of that, it will be reasonable for users
on localhost to do these sorts of queries. As such I will downgrade the
bug report to a minor non-upstream bug.

However there is still the question as to whether it would be possible
for the zoneserver to pass an error message to the client before closing
the connection so that the client can present a meaningful message such
as "permission denied".

On 18/07/11 16:25, Sam Trenholme wrote:
>>
>> 2.) The only way of forcing a TCP connection I can find is to use the
>> +tcp option in dig.
>>
> 
> This is one of the reasons a lot of Deadwood's tests use Deadwood.  The
> other is IPv6.
> 
> 
>> 3.) Asking for AXFR and IXFR records via dig seems to work but does not
>> deliver useful information.
>>
>>
> I thought I fixed this bug a while ago:
> 
> http://woodlane.webconquest.com/pipermail/list/2011-July/000878.html
> 
> Let me know if there are still problems
> 
>> 4.) Running 'dig hostname @server +tcp' works against a bind server but
>> against the maradns zoneserver seems to generate a seg fault. I will put
>> the full output at the end.
>>
>>
> This is not a good thing.  Time to generate a stack trace.  To do this:
> 
> * Compile zoneserver with the '-g' flag set (change the appropriate flag in
> zoneserver/Makefile ; with many programs "export FLAGS=-g ; make" does the
> trick but I don't remember off the top of my head if that works with
> MaraDNS)
> 
> * To run "zoneserver foo bar baz" in "gdb", type in "gdb zoneserver", followed
> by "set args foo bar baz", followed by "run"
> 
> As I recall, I had to do a bunch of stuff to fix TCP recently in the 2.0
> branch of MaraDNS.  Check it out:
> 
> http://maradns.org/download/2.0/snap
> 
> Dates are in YYYYMMDD format; 20110712 means "July 12, 2011", *not*
> "November 7, 2011"
> 
>> 5.) Since askmara apparently does not have a +tcp option I am guessing
>> that this is what you are expecting. However it was not what I was
>> expecting given the documentation.
>>
> 
> There actually is an "askmara-tcp" that I use for some of the testing.
> 
> Thanks a lot for looking at MaraDNS.  I will next work on the code this
> Friday; my first order of business is fixing a bug in Deadwood with
> resolving answers.yahoo.com:
> 
> http://agn2.vk.tj
> 
> - Sam
> 


-- 
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu
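
The question raised above, whether a server could tell the client "permission denied" before closing the TCP connection, as an added example that is not part of the original message and not MaraDNS code: it assumes the refusal would be signalled with DNS RCODE 5 (REFUSED), which dig reports as "status: REFUSED" instead of "end of file". The helper name `build_refused_tcp` and the sample query bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN   12
#define RCODE_REFUSED 5

/* Constructed sample: query id 0x1234, RD set, "williams.periapt." A IN. */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
    8, 'w','i','l','l','i','a','m','s', 7, 'p','e','r','i','a','p','t', 0,
    0, 1, 0, 1
};

/* Hypothetical helper (not a MaraDNS function): write a TCP-framed REFUSED
 * reply to the query q into out. Returns bytes to send, 0 on bad input. */
size_t build_refused_tcp(const uint8_t *q, size_t qlen,
                         uint8_t *out, size_t outlen)
{
    size_t pos = DNS_HDR_LEN;

    if (!q || !out || qlen < DNS_HDR_LEN || qlen > 0xFFFF) return 0;
    if (q[2] & 0x80) return 0;                /* QR set: not a query */
    if (((q[4] << 8) | q[5]) != 1) return 0;  /* require QDCOUNT == 1 */

    /* Walk QNAME with bounds checks; a length > 63 (pointer) is rejected. */
    while (pos < qlen && q[pos] != 0) {
        if (q[pos] > 63) return 0;
        pos += 1 + (size_t)q[pos];
    }
    if (pos >= qlen || qlen - pos < 5) return 0; /* root + QTYPE + QCLASS */
    pos += 5;                                 /* reply = header + question */
    if (outlen < pos + 2) return 0;

    out[0] = (uint8_t)(pos >> 8);             /* RFC 1035 4.2.2 length prefix */
    out[1] = (uint8_t)(pos & 0xFF);
    memcpy(out + 2, q, pos);
    out[4] = (uint8_t)(0x80 | (q[2] & 0x79)); /* QR=1, keep opcode and RD */
    out[5] = RCODE_REFUSED;                   /* RA=0, RCODE=5 */
    memset(out + 8, 0, 6);                    /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    return pos + 2;
}

int main(void)
{
    uint8_t reply[512];
    size_t n = build_refused_tcp(sample_query, sizeof sample_query,
                                 reply, sizeof reply);
    printf("reply bytes: %zu, rcode: %u\n", n, (unsigned)(reply[5] & 0x0F));
    return n ? 0 : 1;
}
```

The reply carries only the header and the echoed question, so a refused client learns nothing about zone contents beyond the fact that the ACL rejected it.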

