BIND 9.3.5-P1 considered toxic

Vernon Schryver vjs@calcite.rhyolite.com
Sun Nov 2 22:44:45 UTC 2008


A DCC installation had an odd problem last week.  It seemed that
one of a pair of private DCC servers was receiving malformed DCC requests
from all over the Internet.  The owner noticed that the IP addresses
were of DNS servers and made the connection with a BIND patch intended
to vary DNS client port numbers.

Sure enough,
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.5-P2 says in part:

    2396.       [bug]        Don't set SO_REUSEADDR for randomized ports.

It seems that 9.3.5-P1 is crazy about varying its source UDP port
numbers.  It not only doesn't care about playing nice, but actively
tries to step on ports in use by other applications with
setsockopt(SO_REUSEADDR).

When a DCC server (dccd) or client (dccproc, dccifd, or dccm) gets a
screwball DNS packet that is really a DNS response, the DNS recursing
server does not get the DNS packet it is waiting for.  Conversely, when
the DNS recursing server gets a screwball DNS response that is really
a DCC packet, the DCC client or server does not get its DCC packet.

I don't know if more applications than recursing DNS servers and
DCC clients and servers are affected by that bug, but I wouldn't
be surprised.

Installing BIND 9.3.5-P2 (perhaps via a Sun patch) fixed the problem.


Vernon Schryver    vjs@rhyolite.com



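An added example, not part of the message above and not DCC or BIND code, that
reproduces the collision on a single host.  It assumes Linux socket semantics:
two unicast UDP sockets may share the same address:port only when BOTH set
SO_REUSEADDR, and a datagram to that port is delivered to just one of them.
Other kernels apply different rules, so the Sun host in the report may have
behaved differently; the "daemon" socket stands in for dccd, the "client"
socket for a resolver choosing randomized source ports, and the "DCC?" datagram
is constructed sample data.  bind_random_port() shows what the 9.3.5-P2 change
amounts to: pick random ports without SO_REUSEADDR and skip the ones that are
already in use.

```c
/* UDP source-port collision via SO_REUSEADDR, Linux semantics assumed. */
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:port (port 0 = kernel picks one).
 * Returns the fd, or -errno on failure. */
int bind_udp(uint16_t port, int reuseaddr)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    if (reuseaddr && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
                                &reuseaddr, sizeof reuseaddr) < 0) {
        int e = errno; close(fd); return -e;
    }
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int e = errno; close(fd); return -e;
    }
    return fd;
}

/* Port the kernel assigned to a bound socket, 0 on error. */
uint16_t bound_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return 0;
    return ntohs(sa.sin_port);
}

/* Daemon binds first; client then binds the same port and a datagram is sent
 * to it.  Returns 0 if the daemon receives it, 1 if the client stole it,
 * 2 if the client's bind was refused with EADDRINUSE, -1 on other errors. */
int collide(int daemon_reuse, int client_reuse)
{
    int daemon_fd = bind_udp(0, daemon_reuse);
    if (daemon_fd < 0) return -1;
    uint16_t port = bound_port(daemon_fd);
    int client_fd = bind_udp(port, client_reuse);
    int rc = -1;
    if (client_fd == -EADDRINUSE) { rc = 2; goto out; }
    if (client_fd < 0) goto out;

    struct sockaddr_in dst;            /* constructed sample datagram */
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int sender = socket(AF_INET, SOCK_DGRAM, 0);
    if (sender >= 0 &&
        sendto(sender, "DCC?", 4, 0, (struct sockaddr *)&dst, sizeof dst) == 4) {
        /* Only one socket becomes readable for a unicast datagram; on recent
         * Linux kernels it is the socket bound last, i.e. the intruder. */
        struct pollfd pfd[2] = { { daemon_fd, POLLIN, 0 }, { client_fd, POLLIN, 0 } };
        if (poll(pfd, 2, 500) > 0) rc = (pfd[1].revents & POLLIN) ? 1 : 0;
    }
    if (sender >= 0) close(sender);
    close(client_fd);
out:
    close(daemon_fd);
    return rc;
}

/* The 9.3.5-P2 approach: random source ports WITHOUT SO_REUSEADDR, so a port
 * another process owns yields EADDRINUSE and is simply skipped.
 * Returns the bound fd, or -1 if `tries` attempts found no free port. */
int bind_random_port(unsigned tries)
{
    while (tries-- > 0) {
        uint16_t port = (uint16_t)(1024 + rand() % (65535 - 1024));
        int fd = bind_udp(port, 0);
        if (fd >= 0) return fd;
        if (fd != -EADDRINUSE) return -1;   /* don't paper over other errors */
    }
    return -1;
}

int main(void)
{
    static const char *what[] = { "daemon keeps its packet", "client stole the packet",
                                  "second bind refused (EADDRINUSE)", "error" };
    printf("daemon plain,     client plain:     %s\n", what[collide(0, 0) & 3]);
    printf("daemon plain,     client REUSEADDR: %s\n", what[collide(0, 1) & 3]);
    printf("daemon REUSEADDR, client REUSEADDR: %s\n", what[collide(1, 1) & 3]);
    int fd = bind_random_port(100);
    if (fd >= 0) { printf("P2-style port without SO_REUSEADDR: %u\n", bound_port(fd)); close(fd); }
    return 0;
}
```

The exposed case is the third one: a daemon that itself sets SO_REUSEADDR (as
many do, to survive restarts) can be bound over by any unprivileged process
that also sets it, and from then on the kernel hands that process the
daemon's datagrams.  Dropping SO_REUSEADDR on the randomized side turns the
same situation into a harmless EADDRINUSE and another try.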