Report information
The Basics
Id:
45408
Status:
open
Priority:
Medium/Medium
Queue:
bind9-public
People
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Documentation
Area:
feature
Dates
Created:Mon, 19 Jun 2017 14:47:59 -0400
Updated:Wed, 16 Aug 2017 15:58:32 -0400
Closed:Not set

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Mon, 19 Jun 2017 14:47:59 -0400 Tony Finch <dot@dotat.at> - Ticket created
CC: "Tony Finch" <dot@dotat.at>
Subject: dig +ignore +notcp
Date: Mon, 19 Jun 2017 19:47:51 +0100
To: bind9-bugs@isc.org
From: "Tony Finch" <dot@dotat.at>

I got massively confused this afternoon by this commit which defaults to TCP for QTYPE=ANY queries. https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=033a59090c5369f0d34951fdabfeedb60b5669ad This is a sensible default, but I think it has made a confusing aspect of dig even more confusing. Until now, dig +notcp has been (for most purposes) a no-op. The thing that makes it confusing is that it does not mean, as a newbie would expect, that dig should not use TCP (except for the rather obscure IXFR). In most cases where you want dig not to use TCP, you have to say dig +ignore. However this does not mean "do not use TCP" for QTYPE=IXFR or (now) for QTYPE=ANY. The patch below harmonizes the behaviour of +notcp and +ignore. I haven't done a full-on unification since that will probably be unhelpful for experts. --- bin/dig/dig.c | 12 ++++++++---- bin/dig/dig.docbook | 9 +++++++++ bin/dig/dighost.c | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 762ab01..fe775e4 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1786,7 +1786,8 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->ixfr_serial = serial; (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; - if (!(*lookup)->tcp_mode_set) + if (!(*lookup)->tcp_mode_set && + !(*lookup)->ignore) (*lookup)->tcp_mode = ISC_TRUE; } else { (*lookup)->rdtype = rdtype; @@ -1796,7 +1797,8 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; } else if (rdtype == dns_rdatatype_any) { - if (!(*lookup)->tcp_mode_set) + if (!(*lookup)->tcp_mode_set && + !(*lookup)->ignore) (*lookup)->tcp_mode = ISC_TRUE; } (*lookup)->ixfr_serial = ISC_FALSE; @@ -2097,7 +2099,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->section_question = plusquest; lookup->comments = pluscomm; - if (!lookup->tcp_mode_set) + if (!lookup->tcp_mode_set && + !lookup->ignore) lookup->tcp_mode = ISC_TRUE; } else { lookup->rdtype = rdtype; @@ -2110,7 +2113,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, } if (rdtype == dns_rdatatype_any && - !lookup->tcp_mode_set) + !lookup->tcp_mode_set && + !lookup->ignore) lookup->tcp_mode = ISC_TRUE; lookup->ixfr_serial = ISC_FALSE; } diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index e262d24..87fc3d8 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -780,6 +780,10 @@ Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. </para> + <para> + This option also disables the default use of TCP for ANY + and IXFR query types. + </para> </listitem> </varlistentry> @@ -1072,6 +1076,11 @@ query is requested, in which case the default is TCP. AXFR queries always use TCP. </para> + <para> + <command>dig +notcp</command> ignores truncated UDP + responses and does not retry with TCP, unless you also + explicitly use the <literal>+noignore</literal> option. + </para> </listitem> </varlistentry> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 1030afc..f465c85 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -4012,7 +4012,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { return; } if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 && - !l->ignore && !l->tcp_mode) { + !l->ignore && !l->tcp_mode && !l->tcp_mode_set) { if (l->cookie == NULL && l->sendcookie && msg->opt != NULL) process_opt(l, msg); if (l->comments) -- 2.10.1.445.g3cdd5d1
Wed, 21 Jun 2017 06:54:31 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added
Wed, 21 Jun 2017 06:54:31 -0400 Stephen Morris <stephen@isc.org> - Area feature added
Wed, 21 Jun 2017 06:54:31 -0400 Stephen Morris <stephen@isc.org> - Severity S2 Normal added
Wed, 21 Jun 2017 06:54:31 -0400 Stephen Morris <stephen@isc.org> - Component BIND Utilities added
Wed, 21 Jun 2017 06:54:31 -0400 Stephen Morris <stephen@isc.org> - Subject changed from 'dig +ignore +notcp' to '[PATCH] dig +ignore +notcp'
Wed, 28 Jun 2017 16:09:46 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public
  Wed, 16 Aug 2017 15:58:31 -0400 Vicky Risk <vicky@isc.org> - Correspondence added

After discussing this in BIND-developer meeting on August 9, we decided that Evan would update the documentation to explain the current behavior. This behavior IS confusing, but there was a feeling that this patch was not an ideal solution. We will probably not accept the patch, but leaving the ticket open until the documentation is updated.
Wed, 16 Aug 2017 15:58:32 -0400 The RT System itself - Status changed from 'new' to 'open'
Wed, 16 Aug 2017 15:58:32 -0400 Vicky Risk <vicky@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>
Wed, 16 Aug 2017 15:58:32 -0400 Vicky Risk <vicky@isc.org> - Component BIND Utilities changed to BIND Documentation