Opened 7 years ago

Closed 6 years ago

#2174 closed defect (wontfix)

Various issues with NSAS_WRONG_ANSWER log message

Reported by: jreed Owned by:
Priority: medium Milestone: DNS Outstanding Tasks
Component: resolver Version:
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DNS Feature Depending on Ticket:
Estimated Difficulty: 8 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

The messages documentation has:

NSAS_WRONG_ANSWER queried for %1 RR of type/class %2/%3, received response %4/%5

    A NSAS (nameserver address store - part of the resolver) made a query for a resource record of a particular type and class, but instead received an answer with a different given type and class.

    This message indicates an internal error in the NSAS. Please raise a bug report. 

The definition of ERROR is:

Something has happened such that the program can continue but the
results for the current (or future) operations cannot be guaranteed to
be correct, or the results will be correct but the service is impaired.
For example, the program started but attempts to open one or more network
interfaces failed.

The log message I saw is:

2012-07-31 15:21:20.q ERROR [b10-resolver.nsas] NSAS_WRONG_ANSWER queried for dns1.nj2.dns-roots.net. RR of type/class AAAA/IN, received response CNAME/IN

Well I can manually see that a query for AAAA using @dns1.nyc.dns-roots.net. does answer with a CNAME. And following that CNAME does not have a AAAA.

I am opening this ticket for:

1) docs says it "indicates an internal error in the NSAS. Please raise a bug report."

2) Maybe ERROR is the wrong logging severity. Why is it an ERROR because a response (or query) from outside should not cause the program to misbehave.

3) The log message itself is confusing. Is it wrong to receive a CNAME response?

4) The log message doesn't tell us what server it queried and received the answer from.

Subtickets

Change History (5)

comment:1 Changed 7 years ago by vorner

Well, the problem is, the query referred here was from one part of the resolver to the NSAS. And the NSAS is not supposed to return CNAME, it's supposed to handle it and then return the AAAA (or say it isn't there). It's not CNAME from outside, it's CNAME from a place we control.

About 4) ‒ it's because nobody knows at the time where the data originally came from. It might have been one of many servers or the cache.

comment:2 Changed 7 years ago by muks

  • Summary changed from NSAS_WRONG_ANSWER to Various issues with NSAS_WRONG_ANSWER log message

comment:3 Changed 7 years ago by shane

  • Milestone New Tasks deleted

comment:4 Changed 6 years ago by stephen

  • Milestone set to DNS Outstanding Tasks

comment:5 Changed 6 years ago by tomek

  • Resolution set to wontfix
  • Status changed from new to closed

DNS and BIND10 framework is outside of scope for Kea project.
The corresponding code has been removed from Kea git repository.
If you want to follow up on DNS or former BIND10 issues, see
http://bundy-dns.de project.

Closing ticket.

Note: See TracTickets for help on using tickets.