[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query

Sat, 28 Jan 2017 11:35:51 -0800 

** Description changed:

  [Impact]
  
  pdns-recursor in Xenial fails on FORMERR response to EDNS query.
  
  This can manifest itself through postfix not being able to send mail to
  Office 365 domains. When postfix tries to enable DNSSEC validation, the
  A record lookups start to fail, and this failure is cached for non-EDNS
  lookups as well.
  
  pdns-recursor in Xenial returns this:
  
      $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec
      ...
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895
  
  Because the relevant NS returns FORMERR (it doesn't support EDNS):
  
      $ dig A umcg-nl.mail.protection.outlook.com. \
          @ns1-proddns.glbdns.o365filtering.com. +edns +dnssec
      ...
      ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004
      ...
      ;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec 
+noedns'
  
  This has been fixed upstream, specifically here:
  
  
https://github.com/PowerDNS/pdns/commit/9d534f2a12defc44d2a79291bf34b82e5ee28121
  
  [Test Case]
  
- Run dig with an NS that doesn't support EDNS: $ dig A [name] @127.0.0.1
- +edns +dnssec
+ Run dig with an NS that doesn't support EDNS:
  
- For example: $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1
- +edns +dnssec
+     $ dig A SERVER @127.0.0.1 +edns +dnssec
+ 
+ For example:
+ 
+     $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns
+ +dnssec
  
  The correct A records should be returned similar to this:
  
-     ...
-     umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87
-     umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23
+     ...
+     umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87
+     umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23
  
  [Regression Potential]
  
  This is an upstream fix that has been out for a while.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1646538

Title:
  pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to