domain.com.domain.com being looked up for local names?

Mark_Andrews at isc.org
Tue Aug 24 02:01:53 UTC 1999


	To answer the original question.  There should be a patch
	from your UNIX vendor to address this problem.  This was
	identified as a security problem in RFC 1535 (October 1993).

	BOTH the resolver *and* nslookup have had this behaviour,
	i.e. apply the search list *first*.  BOTH the resolver *and*
	nslookup have had their behaviour changed to apply the search
	list *last* when given a qualified name.  It is possible to
	change one and not the other but this is not usually the case.

	All this trace says is that the resolver is using the
	pre-RFC 1535 resolver search algorithm.

	Mark

> Yep, here it is; commandline action followed by the debug output from
> named.run...
> 
> ----------------------------------
> 
> vader:/#> kill -USR1 127
> vader:/#> ping obiwan.shokk.com
> ^C
> vader:/#> kill -USR2 127
> 
> ----------------------------------
> 
> Debug level 1
> Version = named 8.2.1 Fri Jul  2 01:28:19 EDT 1999
>         root at vader:/nb/local/src/bind/src/bin/named
> conffile = /usr/local/etc/named.conf
> datagram from [216.164.43.139].32785, fd 24, len 44
> req: nlookup(obiwan.shokk.com.shokk.com) id 19 type=1 class=1
> req: found 'obiwan.shokk.com.shokk.com' as 'shokk.com' (cname=0)
> ns_req: answer -> [216.164.43.139].32785 fd=24 id=19 size=100 rc=3
> datagram from [216.164.43.139].32785, fd 24, len 34
> req: nlookup(obiwan.shokk.com) id 20 type=1 class=1
> req: found 'obiwan.shokk.com' as 'obiwan.shokk.com' (cname=0)
> ns_req: answer -> [216.164.43.139].32785 fd=24 id=20 size=95 rc=0
> Debug off
> 
> ----------------------------------
> 
> > -----Original Message-----
> > From: Michael Voight [mailto:mvoight at cisco.com]
> > Sent: Monday, August 23, 1999 5:43 PM
> > To: Ernie Oporto
> > Cc: comp-protocols-dns-bind at moderators.isc.org
> > Subject: Re: domain.com.domain.com being looked up for local names?
> >
> >
> > Are you sure??? nslookup might do this, ping using the resolver
> > generally doesn't.
> >
> > Michael
> >
> > Ernie Oporto wrote:
> > >
> > > Correction.  When I do a ping on the DNS server for that same host, it also
> > > does the request for obiwan.shokk.com.shokk.com.  Seems like these requests
> > > are only coming from the UNIX side.
> > >
> > > Is there a patch I might be missing?
> > >
> > > > -----Original Message-----
> > > > From: Michael Voight [mailto:mvoight at cisco.com]
> > > > Sent: Thursday, August 19, 1999 11:46 PM
> > > > To: Ernie Oporto
> > > > Cc: comp-protocols-dns-bind at moderators.isc.org
> > > > Subject: Re: domain.com.domain.com being looked up for local names?
> > > >
> > > >
> > > > How exactly did you do the lookup?
> > > > Did you use nslookup? Nslookup will always append the domain name to
> > > > whatever you enter if there is no ending dot. Try the same lookup and
> > > > put a trailing dot. NOTE: This is an nslookup oddity, not how standard
> > > > lookups are performed for telnet, etc.
> > > >
> > > > Michael
> > > >
> > > > Ernie Oporto wrote:
> > > > >
> > > > > Putting BIND 8.2.1 into debug mode for me gives me the following when
> > > > > resolving local addresses.  The names resolve on the second
> > > > > permutation, but why is the first one taking place.  I guess I could
> > > > > live with it if I had to, but this just doesn't look right.  What would
> > > > > cause this?  Let me know if anyone wants to see
> > > > > my /usr/local/etc/named.conf or my /var/named/* files.
> > > > >
> > > > > Debug level 1
> > > > > Version = named 8.2.1 Fri Jul  2 01:28:19 EDT 1999
> > > > >         root at vader:/nb/local/src/bind/src/bin/named
> > > > > conffile = /usr/local/etc/named.conf
> > > > > datagram from [216.164.43.139].32787, fd 24, len 44
> > > > > req: nlookup(obiwan.shokk.com.shokk.com) id 24 type=1 class=1
> > > > > req: found 'obiwan.shokk.com.shokk.com' as 'shokk.com' (cname=0)
> > > > > ns_req: answer -> [216.164.43.139].32787 fd=24 id=24 size=100 rc=3
> > > > > datagram from [216.164.43.139].32787, fd 24, len 34
> > > > > req: nlookup(obiwan.shokk.com) id 25 type=1 class=1
> > > > > req: found 'obiwan.shokk.com' as 'obiwan.shokk.com' (cname=0)
> > > > > ns_req: answer -> [216.164.43.139].32787 fd=24 id=25 size=95 rc=0
> > > > > Debug off
> > > > >
> > > > > --
> > > > > http://www.geocities.com/SiliconValley/Park/9276
> > > > > ICQ-17933910  Ernie "Shokk" Oporto
> > > > >
> > > > > Sent via Deja.com http://www.deja.com/
> > > > > Share what you know. Learn what you don't.
> > > >
> >
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
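
The two search orders discussed in this thread, and a check that spots the search-list-first order in named debug output, as an added example that is not part of the original messages. The function names are hypothetical, "qualified" is simplified to "contains a dot" (an assumption), and the sample trace is the pair of nlookup lines quoted above.

```python
import re

# Matches the query name in named debug lines such as:
#   req: nlookup(obiwan.shokk.com) id 20 type=1 class=1
NLOOKUP = re.compile(r"req: nlookup\(([^)]+)\)")


def lookup_order(name, search_list, search_first):
    """Return the names a stub resolver would try, in order.

    search_first=True models the order applied before the change described
    in the reply (search list first); False models the changed order, where
    a qualified name is tried as typed and the search list is applied last.
    """
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search_list]
    if "." not in name:               # unqualified: search list, then as typed
        return expanded + [name]
    return expanded + [name] if search_first else [name] + expanded


def search_first_queries(log_lines):
    """Find consecutive queries where a dotted name was asked with a suffix
    appended and only afterwards asked as typed (search list applied first)."""
    names = [m.group(1).lower() for line in log_lines
             if (m := NLOOKUP.search(line))]
    return [(first, second) for first, second in zip(names, names[1:])
            if "." in second and first.startswith(second + ".")]


# The nlookup lines from the trace quoted in this thread.
TRACE = [
    "req: nlookup(obiwan.shokk.com.shokk.com) id 19 type=1 class=1",
    "req: nlookup(obiwan.shokk.com) id 20 type=1 class=1",
]

if __name__ == "__main__":
    print("search list first:", lookup_order("obiwan.shokk.com", ["shokk.com"], True))
    print("search list last: ", lookup_order("obiwan.shokk.com", ["shokk.com"], False))
    for expanded, typed in search_first_queries(TRACE):
        print(f"client asked {expanded} before {typed}")
```

A hit from `search_first_queries` points at the client's resolver rather than at the name server's configuration.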

