Package: dns2tcp
Version: 0.4.dfsg-5.1
Severity: grave

Does anyone actually use this package? Either it is heavily broken or I
am doing something wrong.

I set up dns2tcpd and a NS record as described in the documentation.
However, calling dig -t NS on the subdomain times out for the vast
majority of name servers I tried. A timeout also indicates that it is
not a caching problem. So I went on to see what's happening and
installed tcpdump. It seems like many nameservers want to verify NS
records by querying the target server (dns2tcpd). Unfortunately dns2tcpd
has no handling for these requests, so it simply drops them. The asking
nameserver then believes that dns2tcpd is unreachable and does not
forward queries.

Working out a patch for this shouldn't be difficult (famous last words),
as it is "only" like handling a new packet type and answering it with
information provided in the configuration file.

During my research I actually found a (one) public DNS server that does
not do this kind of NS checking. In most use cases of dns2tcp one will
not be able to choose a DNS server though.

Helmut
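
The handling the report proposes (answering an NS query for the delegated zone from configured values instead of dropping it), sketched as an added example; it is not part of the original report and not dns2tcp code. The zone `tunnel.example.com`, the name server host `ns.example.com`, the TTL and all function names are assumptions made for illustration.

```python
import struct

TYPE_NS, CLASS_IN = 2, 1

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels (RFC 1035, section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def read_question(pkt: bytes):
    """Return (qname, qtype, qclass, end_offset) of the first question."""
    pos, labels = 12, []
    while True:
        n = pkt[pos]
        if n == 0:
            pos += 1
            break
        if n > 63:  # compression pointers do not belong in a query name
            raise ValueError("unexpected pointer in question")
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4

def answer_ns_query(pkt: bytes, zone: str, ns_host: str, ttl: int = 3600):
    """Build an authoritative NS answer, or None if pkt is not an NS query for zone."""
    try:
        qid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
        if flags & 0x8000 or qdcount != 1:  # already a response, or odd question count
            return None
        qname, qtype, qclass, end = read_question(pkt)
    except (struct.error, IndexError, ValueError):
        return None  # truncated or malformed packet
    if (qtype, qclass) != (TYPE_NS, CLASS_IN) or qname != zone.rstrip(".").lower():
        return None  # not the NS check described in the report
    rdata = encode_name(ns_host)
    # QR=1 (response), AA=1 (authoritative), RD copied from the query, RCODE=0
    header = struct.pack("!HHHHHH", qid, 0x8400 | (flags & 0x0100), 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = struct.pack("!HHHIH", 0xC00C, TYPE_NS, CLASS_IN, ttl, len(rdata)) + rdata
    return header + pkt[12:end] + answer

# Constructed sample: NS query for the hypothetical zone, ID 0x1a2b, RD set
SAMPLE_QUERY = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) \
    + encode_name("tunnel.example.com") + struct.pack("!HH", TYPE_NS, CLASS_IN)
```

A return value of `None` means the packet is not the NS check and should go to whatever handling the server already has.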


