[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
This bug was fixed in the package pdns-recursor - 4.0.0~alpha2-2ubuntu0.1 --- pdns-recursor (4.0.0~alpha2-2ubuntu0.1) xenial; urgency=medium * Apply patch from upstream to not fail on FORMERR response to EDNS. LP: #1646538 -- Mattia Rizzolo Wed, 07 Dec 2016 14:46:14 +0100 ** Changed in: pdns-recursor (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
** Description changed: [Impact] pdns-recursor in Xenial fails on FORMERR response to EDNS query. This can manifest itself through postfix not being able to send mail to Office 365 domains. When postfix tries to enable DNSSEC validation, the A record lookups start to fail, and this failure is cached for non-EDNS lookups as well. pdns-recursor in Xenial returns this: $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec ... ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895 Because the relevant NS returns FORMERR (it doesn't support EDNS): $ dig A umcg-nl.mail.protection.outlook.com. \ @ns1-proddns.glbdns.o365filtering.com. +edns +dnssec ... ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004 ... ;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec +noedns' This has been fixed upstream, specifically here: https://github.com/PowerDNS/pdns/commit/9d534f2a12defc44d2a79291bf34b82e5ee28121 [Test Case] - Run dig with an NS that doesn't support EDNS: $ dig A [name] @127.0.0.1 - +edns +dnssec + Run dig with an NS that doesn't support EDNS: - For example: $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 - +edns +dnssec + $ dig A SERVER @127.0.0.1 +edns +dnssec + + For example: + + $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns + +dnssec The correct A records should be returned similar to this: - ... - umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87 - umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23 + ... + umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87 + umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23 [Regression Potential] This is an upstream fix that has been out for a while. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
It works. $ apt-cache policy pdns-recursor pdns-recursor: Installed: 4.0.0~alpha2-2 Candidate: 4.0.0~alpha2-2ubuntu0.1 Version table: 4.0.0~alpha2-2ubuntu0.1 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/universe amd64 Packages 4.0.0~alpha2-2osso1 500 500 http://ppa.osso.nl/ubuntu xenial/osso amd64 Packages *** 4.0.0~alpha2-2 500 500 http://apt.osso.nl/ubuntu xenial/universe amd64 Packages 100 /var/lib/dpkg/status $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec ... ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19210 $ sudo apt-get install pdns-recursor $ apt-cache policy pdns-recursor pdns-recursor: Installed: 4.0.0~alpha2-2ubuntu0.1 Candidate: 4.0.0~alpha2-2ubuntu0.1 Version table: *** 4.0.0~alpha2-2ubuntu0.1 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 4.0.0~alpha2-2osso1 500 500 http://ppa.osso.nl/ubuntu xenial/osso amd64 Packages 4.0.0~alpha2-2 500 500 http://apt.osso.nl/ubuntu xenial/universe amd64 Packages $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec ... ;; ANSWER SECTION: umcg-nl.mail.protection.outlook.com. 10 IN A213.199.154.23 umcg-nl.mail.protection.outlook.com. 10 IN A213.199.154.87 ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
Hello wdoekes, or anyone else affected, Accepted pdns-recursor into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pdns- recursor/4.0.0~alpha2-2ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: pdns-recursor (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
the update is in the SRU review queue so unsubscribing the sponsors from the bug -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
** Changed in: pdns-recursor (Ubuntu Xenial) Status: Triaged => In Progress ** Changed in: pdns-recursor (Ubuntu Xenial) Assignee: (unassigned) => Mattia Rizzolo (mapreri) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
** Description changed: - The pdns-recursor in Xenial returns this: + [Impact] - $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec - ... - ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895 + pdns-recursor in Xenial fails on FORMERR response to EDNS query. - While it should return this: + This can manifest itself through postfix not being able to send mail to + Office 365 domains. When postfix tries to enable DNSSEC validation, the + A record lookups start to fail, and this failure is cached for non-EDNS + lookups as well. - ... - umcg-nl.mail.protection.outlook.com. 10 IN A213.199.154.87 - umcg-nl.mail.protection.outlook.com. 10 IN A213.199.154.23 + pdns-recursor in Xenial returns this: + + $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec + ... + ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895 Because the relevant NS returns FORMERR (it doesn't support EDNS): - $ dig A umcg-nl.mail.protection.outlook.com. \ - @ns1-proddns.glbdns.o365filtering.com. +edns +dnssec - ... - ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004 - ... - ;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec +noedns' + $ dig A umcg-nl.mail.protection.outlook.com. \ + @ns1-proddns.glbdns.o365filtering.com. +edns +dnssec + ... + ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004 + ... + ;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec +noedns' - This has been fixed in later versions of pdns, specifically here: + This has been fixed upstream, specifically here: https://github.com/PowerDNS/pdns/commit/9d534f2a12defc44d2a79291bf34b82e5ee28121 - After applying that patch onto 4.0.0~alpha2-2, pdns-recursor behaves as - expected and returns the correct A records. + [Test Case] + Run dig with an NS that doesn't support EDNS: $ dig A [name] @127.0.0.1 + +edns +dnssec - This bug manifested itself in our case through Postfix not being able to - send mail to Office 365 domains. When postfix tried to enable optional - DNSSEC validation -- which it did because of a builtin default -- the A - record lookups would start to fail, and this failure would be cached for - non-EDNS lookups as well. + For example: $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 + +edns +dnssec - See original discussion here: - http://postfix.1071664.n5.nabble.com/EDNS-DANE-trouble-with-Microsoft-mail-protection-outlook-com-td87331.html#a87353 - "EDNS / DANE trouble with Microsoft mail.protection.outlook.com." + The correct A records should be returned similar to this: - Attached, the patch that appears to fix the problem. + ... + umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87 + umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23 - IMHO, Xenial (being an LTS) needs to get this fixed. Either by updating - from 4.0.0 to something more recent, or by applying this patch. + [Regression Potential] - Cheers, - Walter Doekes - OSSO B.V. + This is an upstream fix that has been out for a while. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
Ok, you can find the proposed package in https://launchpad.net/~mapreri/+archive/ubuntu/lp-1646538 The debdiff: https://launchpadlibrarian.net/297013877/pdns-recursor_4.0.0~alpha2-2_4.0.0~alpha2-2ubuntu0.1.diff.gz If somebody fixes the bug description, I'll upload it ubuntu; also feel free to beat me in copying the package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
cool, then what is left is somebody to rewrite the description following the SRU template. I'll prepare the package and upload to a PPA for everybody to test the change. ** Changed in: pdns-recursor (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
The patch is present in rec-4.0.0-beta1, so if Yakkety runs >=4.0.0 (not alpha), we should be good. But sure: $ grep VERSION /etc/os-release VERSION="16.10 (Yakkety Yak)" VERSION_ID="16.10" VERSION_CODENAME=yakkety $ dpkg -l pdns-recursor | grep ^ii ii pdns-recursor 4.0.1-1build2 amd64PowerDNS Recursor $ sudo netstat -apnAinet | grep 53.*pdns tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 18159/pdns_recursor udp0 0 127.0.0.1:530.0.0.0:* 18159/pdns_recursor $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec +short 213.199.154.23 213.199.154.87 Confirmed. It's fixed in Yakkety. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
Can anybody confirm this issue is not present in yakkety? If so, I can do the actual SRU, but somebody else should 1) format this bug according to https://wiki.ubuntu.com/SRU 2) test the resulting package. ** Also affects: pdns-recursor (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: pdns-recursor (Ubuntu Xenial) Status: New => Triaged ** Changed in: pdns-recursor (Ubuntu Xenial) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
Someone who's still involved in Ubuntu development really ought to slap a debian/changelog on this and upload it as an SRU. ** Changed in: pdns-recursor (Ubuntu) Status: New => Triaged ** Changed in: pdns-recursor (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
This bug is preventing email contact with a variety of domains serviced by Microsoft. This is LTS, it's critical not to use alpha-quality software that cause this level of disruption in production. Also, since the fix is available upstream, I encourage you to prioritize. Thank you. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query
The attachment "9d534f2a12defc44d2a79291bf34b82e5ee28121.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1646538 Title: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
