[rbldnsd] NotImpl when AA bit is set in request...
Michael Tokarev
mjt at tls.msk.ru
Wed Aug 6 00:22:43 MSD 2008
askthelist at gmail.com wrote:
> rbldnsd is returning "Not Implemented" in responses to requests in
> which the DNS AA (Authoritative Answer) bit is set... This may seem
> strange and an odd request, but is there a way to configure rbldnsd to
> ignore this bit in requests and respond to the query anyway? If there is
Yes indeed, this is strange, more than strange.
This bit is used for ANSWERS (as it's an authoritative ANSWER); it can't
be set in queries. Just like some other bits, like RA (recursion available).
> I couldn't find it and haven't been able to find much documentation on the
> subject. I've sifted through the source code and it seems the relevant
> code would be in the rbldnsd_packet.c/dns.h source files, but since my C
> skills are non-existent it would be great if someone can provide a hack
> for me to implement this...
There's no config option for this, and yes it's in the source. In
rbldnsd_packet.c file, in function named replypacket(), there's this
code:
    if (h[p_f1] & (pf1_opcode | pf1_aa | pf1_tc | pf1_qr)) {
        h[p_f1] = pf1_qr;
        refuse(DNS_R_NOTIMPL);
    }
You can just comment it out. But this is WRONG. In a way similar to
the way it drops packets when the QR flag is set -- i.e., when it's a
reply, not a query. Imagine someone sends out a query with a fake
source address equal to the address of the server itself -- the server
replies to this packet, and the reply goes back to the same server,
which now interprets the reply as a new query and replies to it, and
so on ad infinitum... The bit you're talking about should NEVER, EVER
be set in a query, and no sane DNS client software will set it.
Something's seriously wrong on your client side.
And by the way, returning NOTIMPL here is questionable as well --
maybe FORMERR is better. But in any case it's a clear error,
a clearly wrong packet, and I don't know how to implement its
processing...
/mjt
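The header check discussed in this thread, written out as a stand-alone C example. This is added here and is not rbldnsd's code: the mask values and RCODE numbers come from RFC 1035 section 4.1.1, while the rbldnsd names (h[p_f1], pf1_qr, pf1_aa, ...) are only those quoted from the post. The policy choices are this example's own, following the reply: a packet with QR set is dropped without any answer (so a spoofed-source reply can never bounce back and forth between the server and itself), a non-zero opcode gets NOTIMPL, and the response-only AA/TC bits in a query get FORMERR. The sample packets are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit masks for the first flags byte of a DNS header (byte 2), RFC 1035 4.1.1.
 * rbldnsd calls this byte h[p_f1] and the masks pf1_qr/pf1_opcode/pf1_aa/pf1_tc;
 * the numeric values below are taken from the RFC, not from rbldnsd. */
#define DNS_HDR_LEN 12
#define F1_QR     0x80  /* 1 = response, 0 = query */
#define F1_OPCODE 0x78  /* 4-bit opcode; 0 = standard QUERY */
#define F1_AA     0x04  /* authoritative answer: meaningful in responses only */
#define F1_TC     0x02  /* truncated: meaningful in responses only */
#define F1_RD     0x01  /* recursion desired: the one flag a client may set */

/* RCODE values (low nibble of byte 3) used by this example. */
#define RCODE_FORMERR 1
#define RCODE_NOTIMPL 4

enum verdict {
    V_ACCEPT,          /* header is a plain query: go on to parse the question */
    V_DROP,            /* send nothing back at all */
    V_REFUSE_FORMERR,  /* answer with RCODE FORMERR (example's choice for AA/TC) */
    V_REFUSE_NOTIMPL   /* answer with RCODE NOTIMPL (opcode we do not serve) */
};

/* Decide what to do with an incoming datagram based on its header flags. */
enum verdict check_query_header(const uint8_t *pkt, size_t len)
{
    if (len < DNS_HDR_LEN)
        return V_DROP;                 /* not even a complete header */
    uint8_t f1 = pkt[2];
    /* QR set means this is somebody's answer, not a question. Answering it
     * would let a packet spoofed from our own address loop indefinitely. */
    if (f1 & F1_QR)
        return V_DROP;
    if (f1 & F1_OPCODE)
        return V_REFUSE_NOTIMPL;       /* IQUERY, STATUS, NOTIFY, UPDATE, ... */
    if (f1 & (F1_AA | F1_TC))
        return V_REFUSE_FORMERR;       /* response-only bits set in a query */
    return V_ACCEPT;
}

/* Build a 12-byte error response header for query header q: same ID,
 * QR set, RD copied through, every other flag cleared, the given RCODE,
 * and all four section counts zero. Returns the bytes written. */
size_t make_error_reply(const uint8_t *q, uint8_t *r, uint8_t rcode)
{
    memset(r, 0, DNS_HDR_LEN);
    r[0] = q[0];
    r[1] = q[1];
    r[2] = (uint8_t)(F1_QR | (q[2] & F1_RD));
    r[3] = (uint8_t)(rcode & 0x0f);
    return DNS_HDR_LEN;
}

/* Constructed sample headers (ID 0x1234, QDCOUNT 1, nothing else). */
const uint8_t SAMPLE_QUERY[DNS_HDR_LEN]  = {0x12,0x34,0x01,0x00,0,1,0,0,0,0,0,0}; /* RD only */
const uint8_t SAMPLE_AA[DNS_HDR_LEN]     = {0x12,0x34,0x05,0x00,0,1,0,0,0,0,0,0}; /* RD|AA, the case from the post */
const uint8_t SAMPLE_REPLY[DNS_HDR_LEN]  = {0x12,0x34,0x81,0x80,0,1,0,1,0,0,0,0}; /* QR|RD, RA: a response */
const uint8_t SAMPLE_STATUS[DNS_HDR_LEN] = {0x12,0x34,0x10,0x00,0,1,0,0,0,0,0,0}; /* opcode 2 (STATUS) */
uint8_t reply_buf[DNS_HDR_LEN];

static const char *verdict_name(enum verdict v)
{
    switch (v) {
    case V_ACCEPT:         return "accept";
    case V_DROP:           return "drop";
    case V_REFUSE_FORMERR: return "refuse FORMERR";
    default:               return "refuse NOTIMPL";
    }
}

int main(void)
{
    printf("plain query : %s\n", verdict_name(check_query_header(SAMPLE_QUERY, DNS_HDR_LEN)));
    printf("AA in query : %s\n", verdict_name(check_query_header(SAMPLE_AA, DNS_HDR_LEN)));
    printf("response    : %s\n", verdict_name(check_query_header(SAMPLE_REPLY, DNS_HDR_LEN)));
    printf("STATUS op   : %s\n", verdict_name(check_query_header(SAMPLE_STATUS, DNS_HDR_LEN)));
    printf("truncated   : %s\n", verdict_name(check_query_header(SAMPLE_QUERY, 5)));
    make_error_reply(SAMPLE_AA, reply_buf, RCODE_FORMERR);
    printf("FORMERR reply flags: %02x %02x\n", reply_buf[2], reply_buf[3]);
    return 0;
}
```

The order of the tests matters: QR is checked first and answered with silence, because the one thing a server must never do with a response-shaped packet is respond to it; only after that do the remaining flag errors get an error reply that carries the client's ID so a real client can match it.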