Servers not complying with RFC 6891 return FORMERR
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
This has been fixed upstream in 9.18.17, see here: https:/
This affects using bind9 as a recursive resolver for (according to the ISC ticket) 0.5% of servers. One such example can be seen by querying es.ap-southeast
Source package: https:/
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
$ apt-cache policy bind9
bind9:
Installed: 1:9.18.
Candidate: 1:9.18.
Version table:
*** 1:9.18.
500 http://
500 http://
100 /var/lib/
1:
500 http://
What I expect to happen:
I get a NOERROR response with an answer when I query DNS servers categorised by the ISC ticket. The following example uses my ISP's PowerDNS Recursor instance
$ dig es.ap-southeast
; <<>> DiG 9.18.12-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15672
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;es.ap-
;; ANSWER SECTION:
es.ap-southeast
;; Query time: 8 msec
;; SERVER: 127.0.0.
;; WHEN: Sun Sep 24 23:42:27 UTC 2023
;; MSG SIZE rcvd: 76
What happens:
When querying a recursive bind9 instance - SERVFAIL, no ANSWER section
$ dig es.ap-southeast
; <<>> DiG 9.18.12-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17052
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9a0b0bb6ca2af0f
;; QUESTION SECTION:
;es.ap-
;; Query time: 16 msec
;; SERVER: 10.16.0.
;; WHEN: Sun Sep 24 23:45:51 UTC 2023
;; MSG SIZE rcvd: 88
When querying the authoritative server directly with dig - FORMERR, EDNS COOKIE echoed
$ dig es.ap-southeast
; <<>> DiG 9.18.12-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 47262
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 80d952006d3f0a53 (echoed)
;; QUESTION SECTION:
;es.ap-
;; Query time: 4 msec
;; SERVER: 52.119.
;; WHEN: Sun Sep 24 23:46:46 UTC 2023
;; MSG SIZE rcvd: 72
Changed in bind9 (Ubuntu Jammy): | |
status: | Fix Committed → Fix Released |
Changed in bind9 (Ubuntu Lunar): | |
status: | Fix Committed → Fix Released |
Thanks for reporting this bug.
Could you check if the package in the -proposed pocket fixes the issue? You can enable the proposed pocket by following the guidelines in https:/ /wiki.ubuntu. com/Testing/ EnableProposed.
Please, do not do so in your production environment.