Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of dnssec-retry queries. #1438

Merged
merged 1 commit into from
Sep 18, 2022
Merged

Fix handling of dnssec-retry queries. #1438

merged 1 commit into from
Sep 18, 2022

Conversation

DL6ER
Copy link
Member

@DL6ER DL6ER commented Sep 18, 2022

By submitting this pull request, I confirm the following:

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.

How familiar are you with the codebase?:

10

The most recent FTL release contains dnsmasq v2.87rc1 which causes a regression for dnssec-retry queries leading to a bug where FTL isn't able to interpret the query type as DS/DNSKEY and incorrectly infers TYPE<upstream-port> as query type:

6df9d0a56d2a13a43de97e71de42629b5706b5c5
(picture taken from related Discourse topic)

Subsequently, FTL fails to analyze the content of this query (as it doesn't know how to handle, e.g. TYPE5335) and simply logs BLOB as return type (= some unknown binary stuff).

It is worth pointing out that DNS blocking and internal DNSSEC verification still works fine making this a displaying bug only.

@DL6ER
Fix handling of dnssec-retry queries.
5dc4163 
Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER added Bugfix Bug:Discourse Bug reported on Discourse forum labels Sep 18, 2022
@DL6ER DL6ER requested a review from a team September 18, 2022 10:08
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/log-entry-for-dns-type-type5335-with-reply-of-blob/57908/21

@yubiuser yubiuser merged commit a0f3edb into development Sep 18, 2022
@yubiuser yubiuser deleted the fix/dnssec-retry branch September 18, 2022 10:53
@DL6ER DL6ER mentioned this pull request Sep 18, 2022
Merged
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-ftl-v5-18-1-web-v5-15-1-and-core-v5-12-2-released/58022/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yubiuser yubiuser yubiuser approved these changes

Assignees
No one assigned
Labels
Bug:Discourse Bug reported on Discourse forum Bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DL6ER @pralor-bot @yubiuser