-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ian,
On 11/19/2015 09:47 PM, Ian Cohee via Unbound-users wrote: > Hello all, > > One of our engineers discovered some interesting behavior while > testing bad EDNS RRs in Unbound. He discovered that Unbound > properly checks and identifies a truncated OPT RR as a FORMERR, but > then returns the truncated OPT RR, resulting in a malformed > response to a malformed request. I have attached a PCAP file that > should contain the malformed requests/responses. There is a fix now, unbound will remove the EDNS section from that reply. This may cause the sender to think the server does not support EDNS and then drop EDNS from its queries - and that is exactly right because its EDNS contents cannot be parsed. Best regards, Wouter > > Has anyone observed this behavior, and if so, had issues from it? > > I'd also like to hear some opinions about this behavior. > > Thanks, > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWTuPEAAoJEJ9vHC1+BF+NILoP/3p5vOMjgVKcB4BDN+jEO7AK 1Xz8cEEzRQVrc/XyetuedKUAvqSzzupdrYTfmakUdFPkMHaTX3vWA1okAOKvyn3J ECs/nXc+yxeOt3+9zdHZiw8ZxrfOYpmgQ7/3OUH+kVIZh9kz+ionryu1lC8Th7kn 3COhfoGKW7An6AMMU0/ORWXn9/IydAjAqdaLnKgaLXHlSrxgsZ42KZWqctud9nmV SUyVkLsgpaFn2vps2xcf+MV2vYe+1XW4PxIQvS2mto4vO4X1xq+RhxLFjPzmciyp 4JneId06iKKSSvctq10OjN/FJOeIcK+GT8M/fuUafTLjlclTcPSOdA6ES6hwtuwE /0mM9ErTN02yAMHAfL74ACejQPZTTO757QNN98FRa8NDEFmOjf4FP5uJlhG/SDb0 u4Np/gF5KFab42K3dRl5jhM5ZX+P2egYNMeMDBJ/XxV0As0Nioji47sTjvTli3Q6 CsMbsllTLZLUgKOyPySvbAK/El25QjIX1iCPIhpbQzirsH67dI5qsVEFfC3Mpa1O 1ufrEingaHBhjp1nF/g5om8jBdNTVafSIgpfNJCbKEEZXsAwQQ50YkU1wxybPkBV iTBA6X4Je3g3c+FEgxlPYoKRirptiTgTvn8xRQ7y87gLMwmxcvYN60gbM5cbwHA/ kuKFJiRjoeh7zY2pldWm =dDVK -----END PGP SIGNATURE-----