[MaraDNS list] Deadwood update

Sam Trenholme maradns at gmail.com
Tue Apr 24 13:52:46 EDT 2012


I have updated Deadwood today. This will be my last MaraDNS and
Deadwood update until late May.

EasyDNS sometimes has given out packets marked "truncated" that, in
violation of RFC1035 section 4.1.1, do not mean that "[the] message
was truncated due to length greater than that permitted on the
transmission channel.", but mean "our UDP server is broken, try using
our TCP server".

This in mind, I have updated Deadwood so that if we got a truncated
packet and can not extract any useful information from the packet,
unless Deadwood is using DNS-over-TCP, it's better to completely
ignore the reply (when EasyDNS has had this issue, only some of their
DNS servers have been affected).

I have added a SQA test to ensure Deadwood correctly handles this
abuse of the "truncated" DNS bit.

EasyDNS: Please do not violate the DNS RFCs unless there is a
compelling reason to do so.  Sometimes, the RFCs are wrong, such as an
issue I describe at http://samiam.org/blog/20110722.html , but TC
should only mean "this packet is too long to fit in a 512-bit
DNS-over-UDP packet", *not* "our UDP server is broken right now".  Use
"server fail" or just drop the packet.

In addition, Makefile.ipv6 now works again. Keep in mind that, while
Deadwood has IPv6 support, Deadwood with IPv6 has not been widely
tested.

It can be downloaded here:

    http://www.maradns.org/deadwood/snap/

I plan to work on MaraDNS/Deadwood again one day in May, after the
20th, unless a critical security bug is found.

- Sam
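
The check described in the message, as an added example; this is not Deadwood's code. The function name, the verdict names and the sample headers are constructed for illustration, and "no useful information" is assumed here to mean that the answer, authority and additional counts are all zero.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdicts for a reply received over UDP (hypothetical names). */
enum udp_verdict { REPLY_USE, REPLY_IGNORE, REPLY_MALFORMED };

/* Constructed sample headers: ID 0x1234, then flags, QD/AN/NS/AR counts. */
static const uint8_t tc_empty[12]  = {0x12,0x34, 0x83,0x80, 0,1, 0,0, 0,0, 0,0};
static const uint8_t tc_answer[12] = {0x12,0x34, 0x83,0x80, 0,1, 0,1, 0,0, 0,0};
static const uint8_t normal[12]    = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};

/* Read a big-endian 16-bit header field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify using only the 12-byte header of RFC 1035 section 4.1.1. */
enum udp_verdict classify_udp_reply(const uint8_t *pkt, size_t len, uint16_t query_id)
{
    if (pkt == NULL || len < 12) return REPLY_MALFORMED;
    if (be16(pkt) != query_id) return REPLY_MALFORMED;   /* not our query */
    uint16_t flags = be16(pkt + 2);
    if (!(flags & 0x8000)) return REPLY_MALFORMED;       /* QR bit clear */
    int tc = (flags & 0x0200) != 0;                      /* TC bit */
    /* Assumption: no answer, authority or additional records = nothing usable */
    unsigned records = be16(pkt + 6) + be16(pkt + 8) + be16(pkt + 10);
    if (tc && records == 0) return REPLY_IGNORE;  /* wait for another server's reply */
    return REPLY_USE;   /* caller must still parse and validate the records */
}

int main(void)
{
    int ok = classify_udp_reply(tc_empty, sizeof tc_empty, 0x1234) == REPLY_IGNORE
          && classify_udp_reply(tc_answer, sizeof tc_answer, 0x1234) == REPLY_USE
          && classify_udp_reply(normal, sizeof normal, 0x1234) == REPLY_USE;
    return ok ? 0 : 1;
}
```

The function applies only to replies that arrived over UDP, matching the message's exception for DNS-over-TCP.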