Bug 721 - Wrong error code (FORMERR) returned for unknown opcode. NOTIMP expected.
Wrong error code (FORMERR) returned for unknown opcode. NOTIMP expected.
Status: RESOLVED FIXED
Product: NSD
Classification: Unclassified
Component: NSD Code
4.1.x
All All
: P5 minor
Assigned To: NSD team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-16 23:54 CET by Mark Andrews
Modified: 2015-11-17 09:45 CET (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Andrews 2015-11-16 23:54:31 CET
When testing the h.root-servers.net I got a FORMERR rather than a NOTIMP when sending a header only query.  If a OPT record is present then NOTIMP is returned
as expected.

Mark

[marka@ednscomp ~/tld-report]$ ~/bin/dig +opcode=15 +header-only +noedns +qr @198.97.190.53 +norec

; <<>> DiG 9.11.0pre-alpha <<>> +opcode=15 +header-only +noedns +qr @198.97.190.53 +norec
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: RESERVED15, status: NOERROR, id: 45482
;; flags: ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; QUERY SIZE: 12

;; Got answer:
;; ->>HEADER<<- opcode: RESERVED15, status: FORMERR, id: 45482
;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; Query time: 72 msec
;; SERVER: 198.97.190.53#53(198.97.190.53)
;; WHEN: Mon Nov 16 22:47:06 UTC 2015
;; MSG SIZE  rcvd: 12

[marka@ednscomp ~/tld-report]$ ~/bin/dig version.bind txt ch @198.97.190.53 +norec

; <<>> DiG 9.11.0pre-alpha <<>> version.bind txt ch @198.97.190.53 +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9604
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;version.bind.			CH	TXT

;; ANSWER SECTION:
version.bind.		0	CH	TXT	"NSD 4.1.6"

;; Query time: 72 msec
;; SERVER: 198.97.190.53#53(198.97.190.53)
;; WHEN: Mon Nov 16 22:47:27 UTC 2015
;; MSG SIZE  rcvd: 63

[marka@ednscomp ~/tld-report]$
Comment 1 Wouter Wijngaards 2015-11-17 09:02:10 CET
Hi Mark,

The difference is not the OPT record, but the code tells me it is the query section.  QDCOUNT=0 makes it FORMERR, now.  With QDCOUNT=1 (and a parseable query), it is NOTIMP.  The FORMERR refers to failing the parse_query_section() call.  Does that change what the appropriate response has to be?  I'll gladly adjust it to match future compatibility.

Best regards, Wouter
Comment 2 Mark Andrews 2015-11-17 09:31:13 CET
INVERSE queries have QD=0. In general any and all sections can have a zero
counts.  Only when a opcode is defined can zero counts cause FORMERRs if the
definition of the opcode requires a section to be non-zero. 

It should be impossible for a opcode has not been documented to return FORMERR
as there is no defined format for that opcode.  There isn't even a requirement
for there to be a domain name following the header.  A new opcode can define
that there is extension header immediately following the header.  Yes, this
will cause most parsers to say there is a FORMERR but that should get mapped
to NOTIMP once the opcode is checked (yes I need to check this corner case
with named).

The test query however only sends a DNS header so it shouldn't trigger this
particular corner case.
Comment 3 Wouter Wijngaards 2015-11-17 09:45:44 CET
Hi Mark,

Yes, of course.  I did not know the sections could change contents!  Code fix committed (also for the NSD3 branch).  Unbound does not seem to have this bug (on code inspection).

Best regards, Wouter