Why KnotDNS return a packet with rcode 2 after receiving the unique packet from the upstream DNS server?
Hi,
Describe
When KnotDNS receives the unique packet from the upstream DNS server, it returns a packet with a RCODE of 2 to the client. While other authoritative dns servers like Unbound and Bind do the same test then they send back a RCODE of 0.
To reproduce
- Start the fake upstream dns server
Download these tow file and run like this:
https://643684107.oss-cn-beijing.aliyuncs.com/knot/dns_server_from_file.py
https://643684107.oss-cn-beijing.aliyuncs.com/knot/dns_response
python3 dns_server_from_file.py dns_response
- Start the KnotDNS, the
knot.conf
are as follows:
-- SPDX-License-Identifier: CC0-1.0
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-- Network interface configuration
net.listen('127.0.0.1', 5555, { kind = 'dns' })
--net.listen('127.0.0.1', 853, { kind = 'tls' })
--net.listen('127.0.0.1', 443, { kind = 'doh2' })
--net.listen('::1', 53, { kind = 'dns', freebind = true })
--net.listen('::1', 853, { kind = 'tls', freebind = true })
--net.listen('::1', 443, { kind = 'doh2' })
-- Load useful modules
modules = {
'policy',
'view',
}
modules.unload('priming')
trust_anchors.remove('.')
log_level('debug')
-- Cache size
cache.size = 100 * MB
-- view:addr('127.0.0.1/8', function (req, qry) return policy.PASS end)
policy.add(policy.all(policy.STUB({'127.0.0.1'})))
Then run like this:
./kresd -c knot.conf -n
- Use python script to send the request packet to KnotDNS.
Download these tow file and run like this:
https://643684107.oss-cn-beijing.aliyuncs.com/knot/dns_request.py
https://643684107.oss-cn-beijing.aliyuncs.com/knot/dns_request
python3 dns_request.py dns_request 5555
The result of the script:
Sending DNS query to 127.0.0.1:5555
DNS query data:
0000 31 32 01 00 00 01 00 00 00 00 00 00 03 66 6F 6F 12...........foo
0010 07 65 78 61 6D 70 6C 65 00 00 FF 00 01 .example.....
Received DNS response from 127.0.0.1:5555
DNS response data:
0000 31 32 81 82 00 01 00 00 00 00 00 00 03 66 6F 6F 12...........foo
0010 07 65 78 61 6D 70 6C 65 00 00 FF 00 01 .example.....
QR: 1
Opcode: 0
AA: 0
TC: 0
RD: 1
RA: 1
Z: 0
AD: 0
CD: 0
Rcode: 2
We can find that the Rcode is 2, but I try other DNS resolver like Bind or PowerDNS to do the same test, the result are as follows:
DNS query data:
0000 31 32 01 00 00 01 00 00 00 00 00 00 03 66 6F 6F 12...........foo
0010 07 65 78 61 6D 70 6C 65 00 00 FF 00 01 .example.....
Received DNS response from 127.0.0.1:7777
DNS response data:
0000 31 32 81 80 00 01 00 06 00 00 00 00 03 66 6F 6F 12...........foo
0010 07 65 78 61 6D 70 6C 65 00 00 FF 00 01 C0 0C 00 .example........
0020 2E 00 01 00 00 0E 10 00 44 00 2F 03 02 00 00 0E ........D./.....
0030 10 55 C2 6E 21 55 9A E1 21 44 F4 07 65 78 61 6D .U.n!U..!D..exam
0040 70 6C 65 00 04 4A 1F 3F FB 59 60 5A 09 DE 2F 23 ple..J.?.Y`Z../#
0050 EA EC C9 8C 9E 22 BE 33 ED C6 81 93 12 27 8C E8 .....".3.....'..
0060 53 38 E8 29 A2 9C 39 98 2E 1C 0D CD 02 C0 0C 00 S8.)..9.........
0070 2F 00 01 00 00 0E 10 00 18 06 66 75 74 75 72 65 /.........future
0080 07 65 78 61 6D 70 6C 65 00 00 06 40 00 80 00 00 .example...@....
0090 03 C0 0C 00 2E 00 01 00 00 01 2C 00 44 00 10 03 ..........,.D...
00A0 02 00 00 01 2C 55 C2 6E 21 55 9A E1 21 44 F4 07 ....,U.n!U..!D..
00B0 65 78 61 6D 70 6C 65 00 04 58 21 E2 42 05 05 54 example..X!.B..T
00C0 03 F4 0F 49 9B 53 29 2F 82 47 04 CB 1A AB 5F D1 ...I.S)/.G...._.
00D0 93 C3 F2 56 28 13 0F 01 B4 A5 4E 93 69 4D 78 C2 ...V(.....N.iMx.
00E0 5C C0 0C 00 10 00 01 00 00 01 2C 00 08 07 74 65 \.........,...te
00F0 73 74 69 6E 67 C0 0C 00 2E 00 01 00 00 01 2C 00 sting.........,.
0100 44 00 01 03 02 F7 FF 01 2C 55 C2 6E 21 55 9A E1 D.......,U.n!U..
0110 21 44 F4 07 65 78 61 6D 70 6C 65 00 04 89 C7 D2 !D..example.....
0120 4E E3 23 E9 1C A9 C7 B6 85 53 7F 12 72 9A E3 48 N.#......S..r..H
0130 D8 06 C6 29 70 67 1C E7 5D 6F D5 74 EF BB 96 14 ...)pg..]o.t....
0140 CB 72 4B 74 A2 C0 0C 00 01 00 01 00 00 01 2C 00 .rKt..........,.
0150 04 0A 00 01 00 .....
QR: 1
Opcode: 0
AA: 0
TC: 0
RD: 1
RA: 1
Z: 0
AD: 0
CD: 0
Rcode: 0
The Rcode is 0. So which Rcode is true? Why?
Additional information
The details of the request packet(dns_client) from client are as follows:
HEADER
31 32 01 00 00 01 00 00 00 00 00 00
QUESTION
03 66 6F 6F 07 65 78 61 6D 70 6C 65 00 00 FF 00 01
ANSWER
AUTHORITY
ADDITIONAL
The details of the response packe(dns_response) from the fake server are as follows:
HEADER
31 32 84 00 00 01 00 06 00 03 00 05
QUESTION
03 66 6F 6F 07 65 78 61 6D 70 6C 65 00 00 FF 00 01
ANSWER
C0 0C 00 01 00 01 00 00 01 2C 00 04
0A 00 01 00
C0 0C 00 2E 00 01 00 00 01 2C 00 44
00 01 03 02 F7 FF 01 2C 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 89 C7 D2 4E
E3 23 E9 1C A9 C7 B6 85 53 7F 12 72 9A E3 48 D8
06 C6 29 70 67 1C E7 5D 6F D5 74 EF BB 96 14 CB
72 4B 74 A2
C0 0C 00 10 00 01 00 00 01 2C 00 08
07 74 65 73 74 69 6E 67
C0 0C 00 2E 00 01 00 00 01 2C 00 44
00 10 03 02 00 00 01 2C 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 58 21 E2 42
05 05 54 03 F4 0F 49 9B 53 29 2F 82 47 04 CB 1A
AB 5F D1 93 C3 F2 56 28 13 0F 01 B4 A5 4E 93 69
4D 78 C2 5C
C0 0C 00 2F 00 01 00 00 0E 10 00 18
06 66 75 74 75 72 65 07 65 78 61 6D 70 6C 65 00
00 06 40 00 80 00 00 03
C0 0C 00 2E 00 01 00 00 0E 10 00 44
00 2F 03 02 00 00 0E 10 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 4A 1F 3F FB
59 60 5A 09 DE 2F 23 EA EC C9 8C 9E 22 BE 33 ED
C6 81 93 12 27 8C E8 53 38 E8 29 A2 9C 39 98 2E
1C 0D CD 02
AUTHORITY
C1 23 00 02 00 01 00 00 01 2C 00 06
03 6E 73 32 C1 23
C1 23 00 02 00 01 00 00 01 2C 00 06
03 6E 73 33 C1 23
C1 23 00 2E 00 01 00 00 01 2C 00 44
00 02 03 01 00 00 01 2C 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 44 68 1F B4
AA C3 2C C8 54 4B CC 9D 82 77 C6 23 37 74 77 5A
2B 66 21 00 2C 61 C5 DD 6C 0A 05 2F 1C 7F B6 45
D4 7B 12 6A
ADDITIONAL
C1 61 00 01 00 01 00 00 01 2C 00 04
0A 35 00 02
C1 73 00 01 00 01 00 00 01 2C 00 04
0A 35 00 03
C1 61 00 2E 00 01 00 00 01 2C 00 44
00 01 03 02 00 00 01 2C 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 23 15 51 F3
86 59 19 10 8B 39 69 6C EF 9A F9 16 AD B6 A4 FB
1B 96 0C DB 14 8D A4 0F A9 0B E1 DB A1 EA 65 D5
ED 56 1C EA
C1 73 00 2E 00 01 00 00 01 2C 00 44
00 01 03 02 00 00 01 2C 55 C2 6E 21 55 9A E1 21
44 F4 07 65 78 61 6D 70 6C 65 00 04 D2 B2 19 3A
04 AF 2B A5 A8 43 1F 03 EE 60 8F 44 47 BF F8 36
C5 DB 35 FA 08 6B 86 96 0F 26 6C EE 5C 0A DF 56
25 D1 01 A6
00 00 29 10 00 00 00 80 00 00 00