trying tor respond to help for NAPTR entries

david sevilla dsevilla00 at hotmail.com
Wed May 12 14:39:55 EDT 2010


Thanks a lot Sam. I installed the latest snapshot and was able to get NAPTR queries to work.
I added some entries in my zone file and tried with dig (below is the result). I noticed that there was no "additional records" section in the response (checked with wireshark). This bring another question to mind: Is there a way to turn ON/OFF additional records fields? In bind by default it always sends the answer in the "additional records" (I am still trying to figure out if that can be turned ON/OFF in bind) so I would also receive 10.10.10.10 as the answer for the replacement without explicitly querying (mypgw.example.com).
By the way, maradns rocks! (Faster and easier to install than bind)
-David
ENTRIESexample.net. NAPTR 100 100 'a';'x-3gpp-pgw:x-s5-pmip:x-s5-gtp';'' mypgw.example.com. ~mypgw.example.com. 10.10.10.10 ~query
TESTING$ dig @172.16.1.5  NAPTR example.net
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @172.16.1.5 NAPTR example.net; (1 server found);; global options:  printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49516;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:;example.net.                   IN      NAPTR

;; ANSWER SECTION:example.net.            86400   IN      NAPTR   100 100 "a" "x-3gpp-pgw:x-s5-pmip:x-s5-gtp" "" mypgw.example.com.
;; Query time: 0 msec;; SERVER: 172.16.1.5#53(172.16.1.5);; WHEN: Wed May 12 14:31:58 2010;; MSG SIZE  rcvd: 97



YOUR ENTRY ALSO WORKED NICELY

[dsevilla at it0400-rh dsevilla]$ dig @172.16.1.5  NAPTR www.example.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @172.16.1.5 NAPTR www.example.com; (1 server found);; global options:  printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50243;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:;www.example.com.               IN      NAPTR
;; ANSWER SECTION:www.example.com.        86400   IN      NAPTR   100 100 "s" "http+I2R" "" _http._tcp.example.com.
;; Query time: 0 msec;; SERVER: 172.16.1.5#53(172.16.1.5);; WHEN: Wed May 12 14:23:45 2010;; MSG SIZE  rcvd: 85












> Date: Wed, 12 May 2010 11:22:28 -0500
> Subject: Re: trying tor respond to help for NAPTR entries
> From: strenholme.usenet at gmail.com
> To: list at maradns.org
> 
> > Error: Invalid character between chunks; this might be
> > caused by a TXT RR not terminated by a ~ character Error is on line 12 in file
> > myzone.zone context of error: ';'myservice';'a' e (closing this file)
> 
> Thank you for noticing this; this is indeed a bug in the MaraDNS csv2
> parser.  Let me just post some of the blog entry I just posted:
> 
> You know, it’s always a little embarrassing for me to have a bug in my
> code. A part of me wishes I was perfect and did not make mistakes, and
> has the notion it reflects poorly on me if a piece of code has a bug
> in it — even though it plain simply is not humanly possible to make a
> program as complex as a DNS server without any bugs.[1]
> 
> There was a bug in the code that parses NAPTR records that makes it
> impossible to parse NAPTR records unless the ~ is *not* used to
> separate records. The workaround is to not use the ~ to separate
> records in zone files with NAPTR records; the fix is available here
> (as well as attached to this email):
> 
> http://www.maradns.org/download/patches/maradns-1.4.03-naptr_parsebug.patch
> http://www.maradns.org/download/1.4/snap/2010/maradns-Q.20100512.1.tar.bz2
> 
> [I also did an IPv6 change; RTFB at http://maradns.blogspot.com/ ]
> 
> - Sam
> 
> [1] If you’re an ignorant DJB fanboy who still thinks DjbDNS is
> perfectly secure and has no bugs, you’re wrong.
> 
> Note: I do not answer MaraDNS (including Deadwood) support requests
> sent by private email without being compensated for my time. A MaraDNS
> support request is any and all discussion you may wish to have about
> MaraDNS in private email; if you want to email me to talk about
> MaraDNS then, yes, that is a support request. I will discuss rates if
> you want this kind of support. Thank you for your understanding.
> 
> MaraDNS security vulnerability reports, however, will be dealt with
> without charge and kept confidential. If you don't know what Bugtraq
> is, then, no, your email is not a security report. It is not a
> security report unless you've done due diligence to determine how the
> security bug you think you found can reasonably be exploited.
 		 	   		  
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4


More information about the list mailing list