pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pdns-recursor (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Mattia Rizzolo |
Bug Description
[Impact]
pdns-recursor in Xenial fails on FORMERR response to EDNS query.
This can manifest itself through postfix not being able to send mail to Office 365 domains. When postfix tries to enable DNSSEC validation, the A record lookups start to fail, and this failure is cached for non-EDNS lookups as well.
pdns-recursor in Xenial returns this:
$ dig A umcg-nl.
...
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895
Because the relevant NS returns FORMERR (it doesn't support EDNS):
$ dig A umcg-nl.
...
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004
...
;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec +noedns'
This has been fixed upstream, specifically here:
https:/
[Test Case]
Run dig with an NS that doesn't support EDNS:
$ dig A SERVER @127.0.0.1 +edns +dnssec
For example:
$ dig A umcg-nl.
The correct A records should be returned similar to this:
...
umcg-
umcg-
[Regression Potential]
This is an upstream fix that has been out for a while.
description: | updated |
Changed in pdns-recursor (Ubuntu Xenial): | |
status: | Triaged → In Progress |
assignee: | nobody → Mattia Rizzolo (mapreri) |
description: | updated |
The attachment "9d534f2a12defc 44d2a79291bf34b 82e5ee28121. patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]