Bug #14853
open
Missing response for AAAA or A queries for blacklisted domains in Python mode
Description
In Python mode, when a domain is blacklisted, the result gets cached in the dnsblDB dictionary for caching and faster retrieval in future requests.
If found there, the response is assembled from the stored data. Currently, that includes the IP address included in the response.
That works ok if the first query comes for a given record type, and that one gets repeated, but it results in an empty response if the recorded IP address is incompatible with the expected response (e.g. the cached result for an A record will contain 10.10.10.1, but the current query is for an AAAA record, thus failing to respond with the proper AAAA address, or vice-versa if the AAAA record is queried first).
Steps to reproduce:
1. Switch to Python mode with DNSBL Blocking turned ON
2. Add a domain to the blacklist through the Feeds
3. Query the AAAA (or A) record for that domain. It should contain a valid IP address.
4. Query the A (or AAAA, if the first one was A) record for that domain
5. The last response will contain no IP address
In order to test it the other way around, just restart the DNS Resolver service or Update DNSBL again.
Example:
andre@Andre-PC MSYS ~
$ dig AAAA www.top-daily-profit.com

; <<>> DiG 9.17.15 <<>> AAAA www.top-daily-profit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35220
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;www.top-daily-profit.com. IN AAAA

;; ANSWER SECTION:
www.top-daily-profit.com. 60 IN AAAA ::10.10.10.1

;; Query time: 27 msec
;; SERVER: 10.0.0.1#53(10.0.0.1) (UDP)
;; WHEN: Sat Oct 07 21:23:58 Romance Summer Time 2023
;; MSG SIZE rcvd: 81

andre@Andre-PC MSYS ~
$ dig A www.top-daily-profit.com

; <<>> DiG 9.17.15 <<>> A www.top-daily-profit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9356
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;www.top-daily-profit.com. IN A

;; Query time: 11 msec
;; SERVER: 10.0.0.1#53(10.0.0.1) (UDP)
;; WHEN: Sat Oct 07 21:24:02 Romance Summer Time 2023
;; MSG SIZE rcvd: 53
Updated by Andre Brait about 1 year ago
GitHub Pull Request here: https://github.com/pfsense/FreeBSD-ports/pull/1304
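
The caching behaviour described in this report can be reproduced with a small model. This is an added example, not pfBlockerNG code and not the change in the linked pull request: the class and function names are hypothetical, the blacklist entry is a constructed sample, and the two sinkhole addresses are taken from the dig output above. It compares a cache that stores the address chosen for the first query type with one possible correction that caches only the block verdict.

```python
import ipaddress

# Sinkhole addresses as they appear in the dig output on this page.
SINKHOLE = {"A": "10.10.10.1", "AAAA": "::10.10.10.1"}
BLACKLIST = {"www.top-daily-profit.com"}  # constructed sample feed entry

def rdata_fits(qtype, address):
    """True when the address family matches the record type being answered."""
    version = ipaddress.ip_address(address).version
    return (qtype, version) in {("A", 4), ("AAAA", 6)}

class CacheWithAddress:
    """Reported behaviour: the address picked for the first query type is
    cached per domain and reused for every later query (hypothetical model)."""
    def __init__(self):
        self.cache = {}

    def answer(self, qname, qtype):
        ip = self.cache.get(qname)
        if ip is None:
            if qname not in BLACKLIST:
                return None  # not blocked, normal resolution continues
            ip = self.cache[qname] = SINKHOLE[qtype]
        # An A record cannot carry an IPv6 address (or vice versa).
        return ("NOERROR", ip) if rdata_fits(qtype, ip) else ("SERVFAIL", None)

class CacheVerdictOnly:
    """One possible correction (assumption): cache only whether the domain is
    blocked and choose the address per query type when answering."""
    def __init__(self):
        self.cache = {}

    def answer(self, qname, qtype):
        blocked = self.cache.get(qname)
        if blocked is None:
            blocked = self.cache[qname] = qname in BLACKLIST
        return ("NOERROR", SINKHOLE[qtype]) if blocked else None

def replay(resolver_cls, qtypes, qname="www.top-daily-profit.com"):
    """Send the query types in order to a fresh resolver, collect the answers."""
    resolver = resolver_cls()
    return [resolver.answer(qname, qtype) for qtype in qtypes]

if __name__ == "__main__":
    for cls in (CacheWithAddress, CacheVerdictOnly):
        for order in (["AAAA", "A"], ["A", "AAAA"]):
            print(cls.__name__, order, replay(cls, order))
```

Replaying both query orders against a fresh resolver each time mirrors the service restart mentioned in the steps to reproduce.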