Bugzilla – Bug 4191
NXDOMAIN vs SERVFAIL during dns64 PTR query
Last modified: 2018-10-30 02:52:43 CET
Unbound returns SERVFAIL instead of NXDOMAIN when PTR for an address that is dns64-synthesized from a non-existent IPv4 address is queried. $ dig @::1 -x 1.2.3.4 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @::1 -x 1.2.3.4 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6088 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;4.3.2.1.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 1.in-addr.arpa. 3587 IN SOA ns.apnic.net. read-txt-record-of-zone-first-dns-admin.apnic.net. 15763 7200 1800 604800 172800 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Oct 17 09:00:55 2018 ;; MSG SIZE rcvd: 126 $ dig @::1 -x 64:ff9b::0102:0304 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> @::1 -x 64:ff9b::0102:0304 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62567 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR ;; Query time: 468 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Oct 17 09:00:42 2018 ;; MSG SIZE rcvd: 90 I think the return value NXDOMAIN is lost somewhere between mesh.c and the modules but I've not yet tracked. Note normal AAAA queries return NXDOMAIN as expected.
Or, the answer SERVFAIL is correct? Sorry, I'm not sure. Bind seems to answer with NXDOMAIN though.
Hi Minoura, Thank you for the bug report. Fixed that it returns NXDOMAIN for this PTR query. Best regards, Wouter
Thanks a lot!
Created attachment 531 [details] debug log from unbound-1.8.1
Sorry, this is for 4191.
No, for 4193.