Dear HAProxy Maintainers,

In dns_read_name(), when a DNS name uses name compression and the start
position of the name is greater than 255, the name is read from an
incorrect position (actual position % 256). This causes an "Invalid dns
error" and the backend is marked as down permanently.
E.g.: the hexadecimal value at the start of the DNS name is "0xc1 1b".
"0xc" specifies that name compression is being used. In this scenario only
"1b" (27) is taken as the start of the name, but the actual name starts
from "11b" (283).

This is a regression scenario starting from version 1.7.0 and is present in
the current version.

Resolution:
Include the nibble from the byte used for checking compression, i.e. take
"11b" as the start position of the DNS name.

I am attaching a patch to fix this bug.

HAProxy config to reproduce the bug:
..
resolvers dns-server
        nameserver dnsmasq 8.8.8.8:53
        hold valid 300s

global
    stats socket /var/run/haproxy-admin.sock mode 600 level admin
ssl-server-verify none

defaults
mode http
timeout connect 30000ms
timeout client 30000ms
timeout server 30000ms

frontend http-in
default_backend servers
bind *:80

backend servers
http-request set-header Host southeastasia.api.cognitive.microsoft.com
server southeastasia.api.cognitive.microsoft.com southeastasia.api.cognitive.microsoft.com:443 ssl check resolvers dns-server resolve-prefer ipv4
..

Please let me know if any more information is needed for the same.

Thanks and Regards,
Nikhil Agrawal

Attachment: dns-name-error.patch
Description: Binary data
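
The pointer arithmetic from the report, as an added example that is not part of the original message, the attached patch or HAProxy's source: a small name reader that can decode a compression pointer either from the second byte only or from the full 14-bit offset defined in RFC 1035 section 4.1.4. All function names and the sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example with hypothetical names; not HAProxy's dns_read_name(). */
typedef unsigned (*ptr_fn)(const uint8_t *p);
/* Behaviour described in the report: only the second byte is used. */
static unsigned ptr_low_byte(const uint8_t *p) { return p[1]; }

/* RFC 1035 4.1.4: top bits 11 mark a pointer, the other 14 bits are the offset. */
static unsigned ptr_14bit(const uint8_t *p) { return ((p[0] & 0x3fu) << 8) | p[1]; }

/* Read the name at msg[pos] as dotted text; returns its length or -1 if malformed. */
static int read_name(const uint8_t *msg, size_t len, size_t pos, ptr_fn off,
                     char *out, size_t outlen)
{
    size_t n = 0;
    int jumps = 0;
    while (pos < len) {
        uint8_t c = msg[pos];
        if ((c & 0xc0) == 0xc0) {            /* compression pointer */
            if (pos + 1 >= len || ++jumps > 16)
                return -1;                   /* truncated, or a pointer loop */
            pos = off(msg + pos);
            continue;
        }
        if (c & 0xc0) return -1;             /* reserved label type */
        if (pos + 1 + c > len || n + c + 2 > outlen)
            return -1;                       /* label overruns message or output */
        if (c == 0) {                        /* root label ends the name */
            out[n] = '\0';
            return (int)n;
        }
        if (n) out[n++] = '.';
        memcpy(out + n, msg + pos + 1, c);
        n += c;
        pos += 1 + (size_t)c;
    }
    return -1;
}

/* Constructed message: "example.test" at offset 283, pointer 0xc1 0x1b at offset 12. */
static int demo(ptr_fn off, char *out, size_t outlen)
{
    uint8_t msg[300] = {0};
    memcpy(msg + 283, "\x07" "example" "\x04" "test", 14);
    msg[12] = 0xc1; msg[13] = 0x1b;
    return read_name(msg, sizeof msg, 12, off, out, outlen);
}
```

With ptr_low_byte the reader jumps to offset 27 of the constructed message and returns an empty name; with ptr_14bit it jumps to offset 283 and returns "example.test".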
