dns test cases failures when upgrading to c-ares 1.21.0/1.22.0 #50741
Comments
We're seeing the same in #50444 (comment).
bradh352 added a commit to bradh352/node that referenced this issue Nov 15, 2023
c-ares has made intentional changes to the behavior of TXT records to comply with RFC 7208, which concatenates multiple strings for the same TXT record into a single string. Multiple TXT records are not concatenated.
Also, response handling has changed, such that a response which is completely invalid in formatting is thrown away as a malicious forged/spoofed packet rather than returning EBADRESP. This is one step toward RFC 9018 (EDNS COOKIES) which will require the message to at least be structurally valid to validate against spoofed records.
Fixes: nodejs#50741
Refs: nodejs#50444
Fix By: Brad House (@bradh352)
PR #50743 to try to naively fix this ... don't know if nodejs wants it done differently
kvakil added labels Nov 16, 2023:
cares (Issues and PRs related to the c-ares dependency or the cares_wrap binding.)
dns (Issues and PRs related to the dns subsystem.)
martenrichter pushed a commit to martenrichter/node that referenced this issue Nov 26, 2023
c-ares has made intentional changes to the behavior of TXT records to comply with RFC 7208, which concatenates multiple strings for the same TXT record into a single string. Multiple TXT records are not concatenated.
Also, response handling has changed, such that a response which is completely invalid in formatting is thrown away as a malicious forged/spoofed packet rather than returning EBADRESP. This is one step toward RFC 9018 (EDNS COOKIES) which will require the message to at least be structurally valid to validate against spoofed records.
Fix By: Brad House (@bradh352)
PR-URL: nodejs#50743
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fixes: nodejs#50741
Refs: nodejs#50444
Version
No response
Platform
No response
Subsystem
No response
What steps will reproduce the bug?
Run node-js tests when linking with c-ares 1.21.0 or 1.22.0. Observe failures to parallel/test-dns-resolveany and parallel/test-dns-resolveany-bad-ancount.
How often does it reproduce? Is there a required condition?
100% of the time
What is the expected behavior? Why is that the expected behavior?
Test cases should pass
What do you see instead?
Test cases fail
Additional information
See c-ares/c-ares#621 with further discussion.
For parallel/test-dns-resolveany, c-ares now conforms with RFC 7208 and concatenates multiple strings for the same TXT record, hence the failure in this test case as it assumes non-conformance like previous c-ares versions.
For parallel/test-dns-resolveany-bad-ancount, it appears a malformed response packet is sent making it completely unparseable, so c-ares is nowadays throwing away the response assuming it will get a legitimate response (and therefore goes through retry cycles). c-ares plans on adding support for RFC 9018 which requires full message parsing to determine if the response may be spoofed and should be tossed (and therefore wait for the legitimate response). I think this test case should be changed to simply look for a result other than ARES_SUCCESS.
@gjasny
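The two behaviours described in this issue, as an added example that is not Node.js or c-ares code: a strict parser for a constructed TXT response that returns each record's strings both separately and concatenated (separate records stay separate), and drops a message whose ANCOUNT or lengths do not match its contents. The names `buildResponse`, `skipName`, `parseTxtAnswers` and `handleResponse` are hypothetical, and the `deliver`/`discard` result only illustrates the policy; it is not c-ares's API.

```javascript
// Constructed sample: a response to "example.org TXT" whose header claims `ancount` answers.
function buildResponse(ancount, txtRecords) {
  const header = Buffer.from([0x12, 0x34, 0x81, 0x80, 0, 1, ancount >> 8, ancount & 255, 0, 0, 0, 0]);
  const question = Buffer.from('\x07example\x03org\x00\x00\x10\x00\x01', 'latin1');
  const answers = txtRecords.map((chunks) => {
    const rdata = Buffer.from(chunks.map((c) => String.fromCharCode(c.length) + c).join(''), 'latin1');
    // Owner name as a pointer to offset 12, then TYPE=TXT(16), CLASS=IN, TTL=300, RDLENGTH.
    const fixed = [0xc0, 0x0c, 0, 16, 0, 1, 0, 0, 1, 0x2c, rdata.length >> 8, rdata.length & 255];
    return Buffer.concat([Buffer.from(fixed), rdata]);
  });
  return Buffer.concat([header, question, ...answers]);
}

// Skip an encoded name (labels or a compression pointer) with bounds checks.
function skipName(msg, off) {
  for (;;) {
    if (off >= msg.length) throw new RangeError('message ends inside a name');
    if ((msg[off] & 0xc0) === 0xc0) return off + 2; // compression pointer
    if (msg[off] === 0) return off + 1;             // root label ends the name
    off += 1 + msg[off];
  }
}

// Strict parse: every record promised by ANCOUNT must be present and well-formed.
function parseTxtAnswers(msg) {
  if (msg.length < 12) throw new RangeError('short header');
  const qdcount = msg.readUInt16BE(4), ancount = msg.readUInt16BE(6);
  const records = []; let off = 12;
  for (let i = 0; i < qdcount; i++) off = skipName(msg, off) + 4;
  for (let i = 0; i < ancount; i++) {
    off = skipName(msg, off);
    if (off + 10 > msg.length) throw new RangeError('record header overruns message');
    const type = msg.readUInt16BE(off), end = off + 10 + msg.readUInt16BE(off + 8);
    if (end > msg.length) throw new RangeError('RDATA overruns message');
    const chunks = [];
    for (off += 10; type === 16 && off < end; off += 1 + msg[off]) {
      if (off + 1 + msg[off] > end) throw new RangeError('TXT string overruns RDATA');
      chunks.push(msg.toString('latin1', off + 1, off + 1 + msg[off]));
    }
    if (type === 16) records.push({ chunks, joined: chunks.join('') });
    off = end;
  }
  return records;
}

// Hypothetical policy wrapper: a structurally invalid message is dropped, not reported.
function handleResponse(msg) {
  try { return { action: 'deliver', records: parseTxtAnswers(msg) }; }
  catch (err) { if (err instanceof RangeError) return { action: 'discard', reason: err.message }; throw err; }
}
```

A test that pinned the old per-string output would compare against `chunks`; one written for the new behaviour compares against `joined`.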