"When a DNS client receives a reply with TC set, it should ignore that response"This should be cheerfully ignored. The fact of the matter is this: When an upstream DNS server sends us a truncated reply, they will usually give us the first 512 bytes of that reply, which can often times have useful information.
Indeed, one of the answers we get while trying to process answers.yahoo.com is truncated. But has useful information. So I have added some code which will, when getting a truncated reply, grab the first answer from the truncated reply and use that.
In the case of getting a reply marked truncated and not getting any information in the packet, it is still possible to enable tcp_listen and get the packet via TCP, but, with this update, this will almost never need to be done to resolve a query. Indeed, I recommend that users with tcp_listen enabled disable it when upgrading to Deadwood 3.0.03.
In addition, this release of Deadwood has a number of other bug fixes from the last six months:
- RA bit is no longer sent when sending recursive queries
- Synthetic "not there" replies are now correctly formed DNS packets
- Domains where one of the nameservers gives us a "QUERY REFUSED" correctly handled unless we are asking for an AAAA IPv6 IP (since some broken DNS servers respond to AAAA requests with "QUERY REFUSED")
- SQA tests and other elements updated for Scientific Linux 6
- Example dwood3rc file updated to show how to blacklist domains
It can be downloaded here:
http://www.maradns.org/deadwood/stable/I have also updated MaraDNS to use Deadwood 3.0.03:
http://www.maradns.org/download/2.0/snap/The next day I plan to work on MaraDNS/Deadwood is two weeks from today: August 5, 2011.
To post a comment about an entry, send me an email and I may or may not post your comment (with or without editing)