[Opendnssec-user] New BIND: EDNS incompatibility with 1.4.x?
Havard Eidnes
he at uninett.no
Thu May 30 19:39:36 UTC 2019
Following up on my own message (yes, I'll submit this also as a
formal bug report) -- it looks like this patch fixes the issue;
OpenDNSSEC wasn't "consuming" the entire EDNS OPT record, and the
addition of the COOKIE option made the remaining part have
non-zero length:
--- signer/src/wire/edns.c.orig 2017-01-20 14:57:50.000000000 +0000
+++ signer/src/wire/edns.c
@@ -123,6 +123,7 @@ edns_rr_parse(edns_rr_type* err, buffer_
uint16_t opt_class;
uint8_t opt_version;
uint16_t opt_flags;
+ uint16_t opt_rdlen;
if (!err || !buffer) {
ods_log_debug("[%s] parse: no edns rr or no packet buffer available",
@@ -148,7 +150,8 @@ edns_rr_parse(edns_rr_type* err, buffer_
(void)buffer_read_u8(buffer); /* opt_extended_rcode */
opt_version = buffer_read_u8(buffer);
opt_flags = buffer_read_u16(buffer);
- (void)buffer_read_u16(buffer); /* opt_rdlen */
+ opt_rdlen = buffer_read_u16(buffer);
+ buffer_skip(buffer, opt_rdlen);
if (opt_version != 0) {
/* The only error is VERSION not implemented */
Regards,
- Havard
More information about the Opendnssec-user
mailing list