Bug #16094: pfBlocker-NG null blocking SERVFAIL - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #16094

open

pfBlocker-NG null blocking SERVFAIL

Added by Alec Fenichel about 1 month ago. Updated about 1 month ago.

Status:

Feedback

Priority:

Normal

Assignee:

Category:

pfBlockerNG

Target version:

pfSense - 2.8.0

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

25.03

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

The key for the dnsblDB dictionary is just q_name, meaning the same dictionary entry is used for all query types. The response answer is currently saved in the dictionary. If the first query is for AAAA, the response answer saved in the dictionary is an IPv6 address; otherwise it is an IPv4 address. Subsequent queries then always get the same response answer even if the answer is invalid for the query (e.g., the answer to an A query may be "::", or the answer to an MX query may be "0.0.0.0"). These invalid answers result in SERVFAIL errors because msg.set_return_msg(qstate) equals False when an invalid answer is appended.

Actions

Copy link

Updated by Marcos M about 1 month ago

Status changed from New to Feedback
Target version set to 2.8.0
Plus Target Version set to 25.03

https://github.com/pfsense/FreeBSD-ports/pull/1407

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #16094

pfBlocker-NG null blocking SERVFAIL

Updated by Marcos M about 1 month ago