Improper handling of non-terminal wildcard #748

Closed
SivaKesava1 opened this issue Sep 27, 2023 · 4 comments


SivaKesava1 commented Sep 27, 2023

Hi @ShreyasZare,

The following discrepancy is from the test case 133.

The test zone file is:

bankcard.bar.				      500 IN SOA	ns1.outside.edu. root.campus.edu. 3 604800 86400 2419200 604800
bankcard.bar.				      500 IN NS		ns1.outside.edu.
*.bankcard.bar.				      500 IN CNAME	mybankcard.www.bar.bar.
campus.*.bankcard.bar.			      500 IN NS		bar.

The response for the query <campus.email.bankcard.bar., NS> from Technitium server is:

          "opcode QUERY",
          "rcode NOERROR",
          "flags QR",
          ";QUESTION",
          "campus.email.bankcard.bar. IN NS",
          ";ANSWER",
          ";AUTHORITY",
          "campus.*.bankcard.bar. 500 IN NS bar.",
          ";ADDITIONAL"

whereas the response from others was:

          "opcode QUERY",
          "rcode NOERROR",
          "flags QR AA",
          ";QUESTION",
          "campus.email.bankcard.bar. IN NS",
          ";ANSWER",
          "campus.email.bankcard.bar. 500 IN CNAME mybankcard.www.bar.bar.",
          ";AUTHORITY",
          ";ADDITIONAL"

When you match a query against this record, you should treat the * in campus.*.bankcard.bar. as a literal character *, not a wildcard. Therefore, the query should not match this record. If you think of the domain names in the zone as a tree, then at the email label in the query, there is no exact match. So, the wildcard record *.bankcard.bar. captures it.

--Siva

@ShreyasZare
Member

Thanks for the feedback. Will get this fixed soon.

@ShreyasZare
Member

Thanks again for the report. Technitium DNS Server v11.5.2 is now available that fixes this issue. Do update and let me know your feedback.

@SivaKesava1
Author

I don't think it handles empty non-terminal wildcards correctly still.

Zone file is:

test.   500     IN      SOA     ns1.outside.edu. root.campus.edu. 8 6048 4000 2419200 6048
test.   500     IN      NS      ns1.outside.edu.
a.*.*.test.     500     IN      CNAME   some.domain.

For the query <a.a.test., CNAME> the response from Technitium is:

          "rcode NXDOMAIN",
          "flags QR AA RA",
          ";QUESTION",
          "a.a.test. IN CNAME",
          ";ANSWER",
          ";AUTHORITY",
          "test. 500 IN SOA ns1.outside.edu. root.campus.edu. 8 6048 4000 2419200 6048",
          ";ADDITIONAL"

The response from others is the same except that the RCODE is NOERROR. The empty wildcard will capture the query so the name is considered as existing, so it should not be NXDOMAIN.
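
Added example (not part of the thread and not Technitium's code): a simplified Python model of the lookup rule both reports rely on, run against the two zones quoted above. The names `Zone`, `labels`, `fqdn`, `ZONE_133` and `ZONE_ENT` are hypothetical; SOA records and the authority data of negative answers are left out.

```python
# Added example: simplified authoritative lookup after RFC 1034 sec. 4.3.2 and
# RFC 4592 (no DNSSEC, no DNAME, no SOA in negative answers).

def labels(name):
    """'a.b.test.' -> ('test', 'b', 'a'): apex-first labels, compared literally."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def fqdn(node):
    return ".".join(reversed(node)) + "."

class Zone:
    def __init__(self, apex, records):
        self.apex = labels(apex)
        self.nodes = {}  # node -> {rtype: [rdata]}; {} marks an empty non-terminal
        for owner, rtype, rdata in records:
            node = labels(owner)
            self.nodes.setdefault(node, {}).setdefault(rtype, []).append(rdata)
            for i in range(len(self.apex), len(node)):  # ancestors exist too
                self.nodes.setdefault(node[:i], {})

    def lookup(self, qname, qtype):
        """Return (rcode, aa, section, rrs); qname is assumed to be in the zone."""
        q = labels(qname)
        for i in range(len(self.apex) + 1, len(q) + 1):  # walk down from the apex
            node = q[:i]
            if node not in self.nodes:
                # q[:i-1] is the closest encloser. '*' is special only as its
                # child, never as an interior label of an owner name.
                star = q[:i - 1] + ("*",)
                if star not in self.nodes:
                    return ("NXDOMAIN", True, "ANSWER", [])
                return self._answer(q, self.nodes[star], qtype)
            if "NS" in self.nodes[node]:  # zone cut below the apex: referral
                rrs = [(fqdn(node), "NS", r) for r in self.nodes[node]["NS"]]
                return ("NOERROR", False, "AUTHORITY", rrs)
        return self._answer(q, self.nodes[q], qtype)

    def _answer(self, q, rrsets, qtype):
        rtype = qtype if qtype in rrsets else "CNAME"
        # An empty list is NODATA: the name exists, so the rcode stays NOERROR.
        return ("NOERROR", True, "ANSWER",
                [(fqdn(q), rtype, r) for r in rrsets.get(rtype, [])])

# The two zones from the reports above (SOA omitted; it does not affect matching).
ZONE_133 = Zone("bankcard.bar.", [("bankcard.bar.", "NS", "ns1.outside.edu."),
    ("*.bankcard.bar.", "CNAME", "mybankcard.www.bar.bar."),
    ("campus.*.bankcard.bar.", "NS", "bar.")])
ZONE_ENT = Zone("test.", [("test.", "NS", "ns1.outside.edu."),
                          ("a.*.*.test.", "CNAME", "some.domain.")])
```

`ZONE_133.lookup("campus.email.bankcard.bar.", "NS")` yields the synthesized CNAME with AA set, and `ZONE_ENT.lookup("a.a.test.", "CNAME")` yields NOERROR with an empty answer, matching the behaviour the reports attribute to the other servers.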

ShreyasZare reopened this Jan 12, 2024
@ShreyasZare
Member

Technitium DNS Server v12 is now available that fixes this issue. Do update and let me know your feedback.
