Bugzilla – Bug 766
dns64 should synthesize results on timeout/errors
Last modified: 2016-05-20 08:36:55 CEST
Presently, the dns64 module will only synthesize an answer when it receives a noerror/nodata response for the AAAA query. IETF RFC 6147 section 5.1.2 states that AAAA should be synthesized for non-zero rcodes other than 3 (nxdomain):
We ran into this querying portal.adp.com. That cnames to portal.gslb.adp.com. The nameservers for gslb.adp.com do not respond to AAAA queries, but do respond to A and other qtypes.
The same RFC goes on in section 5.1.3 to state that timeouts should be treated as rcode 2 (servfail), and I believe the implication is that you'd then synthesize for this case too.
Fixed with this patch:
--- dns64/dns64.c (revision 3720)
+++ dns64/dns64.c (working copy)
@@ -521,13 +521,14 @@
* - An internal query.
* - A query for a record type other than AAAA.
* - CD FLAG was set on querier
- * - An AAAA query for which an error was returned.
+ * - An AAAA query for which an error was returned.(qstate.return_rcode)
+ * -> treated as servfail thus synthesize (sec 5.1.3 6147), thus
+ * synthesize in (sec 5.1.2 of RFC6147).
* - A successful AAAA query with an answer.
if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY
|| qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA
|| (qstate->query_flags & BIT_CD)
- || qstate->return_rcode != LDNS_RCODE_NOERROR
|| (qstate->return_msg &&
Thank you for the report.
Best regards, Wouter