You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not a support question, I have read about opensource and will send support questions to the IRC channel, Github Discussions or the mailing list.
When a client queries powerdns with a non-existing 8bit label, the server is not replying with the proper previous / next labels (jump to TLDR for the why)
dns query with a 8bit label: dig +noidnin +dnssec ANY é.example.net -p 5355 @localhost
Expected behaviour
Using "8bit" (binary) ordering, the query is [0xC3, 0xA9], the previous record should be z (0x7A), and the next one the origin:
z.example.net. 1200 IN NSEC example.net. TXT RRSIG NSEC
Actual behavior
The NSEC previous record is the origin, and the next is 0:
example.net. 1200 IN NSEC 0.example.net. A NS SOA MX RRSIG NSEC DNSKEY
TLDR;
Looking into the backend code, getBeforeAndAfterNamesAbsolute() is using qname.labelReverse().toString(), which is actually the textual representation of the qname.
So when searching for "é", it is instead looking up the\195\169 string (with the ASCII backslashes, and ASCII numbers) and returning the previous / next records of the zone relative to those characters.
Unfortunately I'm not confortable enough with the source to find a proper fix, .toDNSString() was a good candidate but it is using the wire format it seems
The text was updated successfully, but these errors were encountered:
Short description
When a client queries powerdns with a non-existing 8bit label, the server is not replying with the proper previous / next labels (jump to TLDR for the why)
Environment
Configuration
Zone contents
The zone content has no real relation with the issue, I've only used it to illustrate it
Steps to reproduce
8bit-dnsoption enabledpdnsutil load-zone example.net zone-with-a-few-recordspdnsutil add-zone-key example.net activepdnsutil rectify-zone example.netdig +noidnin +dnssec ANY é.example.net -p 5355 @localhostExpected behaviour
Using "8bit" (binary) ordering, the query is [0xC3, 0xA9], the previous record should be z (0x7A), and the next one the origin:
Actual behavior
The NSEC previous record is the origin, and the next is 0:
TLDR;
Looking into the backend code,
getBeforeAndAfterNamesAbsolute()is usingqname.labelReverse().toString(), which is actually the textual representation of the qname.So when searching for "é", it is instead looking up the
\195\169string (with the ASCII backslashes, and ASCII numbers) and returning the previous / next records of the zone relative to those characters.Unfortunately I'm not confortable enough with the source to find a proper fix,
.toDNSString()was a good candidate but it is using the wire format it seemsThe text was updated successfully, but these errors were encountered: