Hi,
i am sorry, but there is the bug in the fix of Mrs.Brisby, too :-(
Thus, even ldapdns 2.06 does not work correctly.
It works more similar to a bind DNS-Server if the
attached patch is applied against 2.06.
Regards and thank you,
Olli
PS: @Piotr - sorry if you get this message twice,
i wanted to be sure, that Debian knows
about the state of this package, thus,
i sent this report to the corresponding
bug, too...
----- Forwarded message from Oliver Tschaeche <[EMAIL PROTECTED]> -----
From: Oliver Tschaeche <[EMAIL PROTECTED]>
To: "Mrs. Brisby" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: ldapdns behaviour in case of A-Record requests
X-Spambayes-Classification: ham; 0.00
X-UID: 830
X-Keywords:
Hi,
On Thu, Dec 30, 2004 at 10:09:51PM -0500, Mrs. Brisby wrote:
> support for this behavior has been added to 2.06
>
> which will be released by tomorrow.
Recently Debian offers ldapdns-2.06 in a package.
I tried it and i see the SOA record now. Unfortunately,
2.06 serves the SOA within the Answering-Section, but other DNS
servers provide the SOA in the Authority-Section for
A, CNAME, MX (non ANY/SOA) requests. For ANY/SOA requests,
they are okay in the answer-section.
I attached a little patch against version 2.06,
which works for me, but i am not completely sure
about it's fixed right. Would you put an eye on it?
Thank you,
Olli
> On Tue, 2004-09-07 at 16:47 +0200, Oliver Tschaeche wrote:
> > Hi Mrs. Brisby,
> >
> > we are using ldapdns-2.05-2 from Debian-Sarge.
> > We entered the following problem:
> >
> > There is a domain e.g. 'haddenbrock.de' with one SOA, several NS, one MX
> > record and _no_ A record.
> >
> > Some MUAs seem to be configured to request an A record for the sender
> > domain.
> > A caching nameserver (not ldapdns) responds with SERVFAIL, which is
> > interpreted by the MUA that the domain temporarily does not resolve.
> > Then, after 5 days the mail is sent back :-(
> >
> > This happens because ldapdns responds with NoData and the NS records,
> > but does not supply the SOA record for A record requests. According
> > to RFC 2308 this data is interpreted as referral, making the requesting
> > nameserver to request the data from a nameserver listed in the NS records,
> > but the caching nameserver already asks that nameserver...
> >
> > Our workaround is to supply an A record with each zone.
> > Of course, the proper solution would be to fix ldapdns behaviour,
> > sending the SOA record as well. Therefore, i wrote this mail.
> >
> > I would appreciate to help fixing that,
> > tell us if you need more information.
> >
> > Thank you,
> >
> > Olli
> >
--
Oliver Tschäche Tel.: 09134/909787
Welluckenweg 4 Mobil: 0177/5369088
91077 Neunkirchen Email: [EMAIL PROTECTED]
--- engine.c.old 2005-05-09 19:54:35.000000000 +0200
+++ engine.c 2005-05-09 19:56:15.000000000 +0200
@@ -2168,7 +2168,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2269,7 +2269,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2337,7 +2337,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2376,7 +2376,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2434,7 +2434,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
while ((dat = list_pop(&c->NS))) {
if (!response_rstart(c, c->request_name_zone, DNS_T_NS,
c->ttl)
----- End forwarded message -----
--
Oliver Tschäche Tel.: 09134/909787
Welluckenweg 4 Mobil: 0177/5369088
91077 Neunkirchen Email: [EMAIL PROTECTED]
--- engine.c.old 2005-05-09 19:54:35.000000000 +0200
+++ engine.c 2005-05-09 19:56:15.000000000 +0200
@@ -2168,7 +2168,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2269,7 +2269,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2337,7 +2337,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2376,7 +2376,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
/* also included SOA */
@@ -2434,7 +2434,7 @@
|| !response_addulong(c, c->minimum)) {
fatal("could not construct SOA");
}
- response_rfinish(c, RESPONSE_ANSWER);
+ response_rfinish(c, RESPONSE_AUTHORITY);
}
while ((dat = list_pop(&c->NS))) {
if (!response_rstart(c, c->request_name_zone, DNS_T_NS,
c->ttl)
