Project

General

Profile

Actions
Copy link

Bug #16094

closed

pfBlocker-NG null blocking SERVFAIL

Added by Alec Fenichel 6 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The key for the dnsblDB dictionary is just q_name, meaning the same dictionary entry is used for all query types. The response answer is currently saved in the dictionary. If the first query is for AAAA, the response answer saved in the dictionary is an IPv6 address; otherwise it is an IPv4 address. Subsequent queries then always get the same response answer even if the answer is invalid for the query (e.g., the answer to an A query may be "::", or the answer to an MX query may be "0.0.0.0"). These invalid answers result in SERVFAIL errors because msg.set_return_msg(qstate) equals False when an invalid answer is appended.

Actions
Copy link
 #1

Updated by Marcos M 6 months ago

  • Status changed from New to Feedback
  • Target version set to 2.8.0
  • Plus Target Version set to 25.03
Actions
Copy link
 #2

Updated by Jim Pingle 2 months ago

  • Plus Target Version changed from 25.03 to 25.07
Actions
Copy link
 #3

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved
  • Target version deleted (2.8.0)
  • Plus Target Version deleted (25.07)
Actions
Copy link

Also available in: Atom PDF