group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1646538] Re: pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1646538@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Feb 2017 17:23:47 -0000
Reply-to: Bug 1646538 <1646538@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package pdns-recursor -
4.0.0~alpha2-2ubuntu0.1

---------------
pdns-recursor (4.0.0~alpha2-2ubuntu0.1) xenial; urgency=medium

  * Apply patch from upstream to not fail on FORMERR response to EDNS.
    LP: #1646538

 -- Mattia Rizzolo <mattia@xxxxxxxxxx>  Wed, 07 Dec 2016 14:46:14 +0100

** Changed in: pdns-recursor (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1646538

Title:
  pdns-recursor 4.0.0~alpha2-2 fails on FORMERR response to EDNS query

Status in pdns-recursor package in Ubuntu:
  Fix Released
Status in pdns-recursor source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  pdns-recursor in Xenial fails on FORMERR response to EDNS query.

  This can manifest itself through postfix not being able to send mail
  to Office 365 domains. When postfix tries to enable DNSSEC validation,
  the A record lookups start to fail, and this failure is cached for
  non-EDNS lookups as well.

  pdns-recursor in Xenial returns this:

      $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns +dnssec
      ...
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57895

  Because the relevant NS returns FORMERR (it doesn't support EDNS):

      $ dig A umcg-nl.mail.protection.outlook.com. \
          @ns1-proddns.glbdns.o365filtering.com. +edns +dnssec
      ...
      ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 1004
      ...
      ;; WARNING: EDNS query returned status FORMERR - retry with '+nodnssec +noedns'

  This has been fixed upstream, specifically here:

  https://github.com/PowerDNS/pdns/commit/9d534f2a12defc44d2a79291bf34b82e5ee28121

  [Test Case]

  Run dig with an NS that doesn't support EDNS:

      $ dig A SERVER @127.0.0.1 +edns +dnssec

  For example:

      $ dig A umcg-nl.mail.protection.outlook.com. @127.0.0.1 +edns
  +dnssec

  The correct A records should be returned similar to this:

      ...
      umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.87
      umcg-nl.mail.protection.outlook.com. 10 IN A 213.199.154.23

  [Regression Potential]

  This is an upstream fix that has been out for a while.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1646538/+subscriptions