Opened 16 years ago
Last modified 12 years ago
#97 new defect
[DoS] DNS should be asynchronous, and cache
Reported by: | geofft@MIT.EDU | Owned by: | nelhage@mit.edu |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | internals | Keywords: | |
Cc: |
Description
It is kind of poor that if I get sent a few hundred zephyrs from an IP address that doesn't reverse-resolve, barnowl locks up for 10 seconds or so per zephyr waiting for DNS and mDNS to determine that no, in fact, this address doesn't reverse-resolve to anything. This would be fixed by resolving addresses asynchronously (e.g., libares or libadns), and caching resolutions for at least a few minutes. Another solution would be to not look up IP addresses until they're needed to render the message or display the info popup.
Not sure if this is a barnowl bug or a libzephyr bug.
Change History (5)
comment:1 Changed 16 years ago by kchen@MIT.EDU
comment:2 Changed 16 years ago by geofft@MIT.EDU
That doesn't really help mDNS/Avahi, which is where most of my time spent timing out is. 192.168.1.12, the IP in question, resolves pretty quickly to NXDOMAIN on the public internet, and regardless it would have gotten cached.
comment:3 Changed 16 years ago by kcr@mit.edu
Pretty clearly not libzephyr; it doesn't do any IP address lookup at all for incoming messages. (unless you're demanding an asynchronous reverse-resolver in the library...)
comment:4 Changed 16 years ago by andersk@mit.edu
Yeah, definitely BarnOwl.
message.c:856: hent = gethostbyaddr(&n->z_uid.zuid_addr, sizeof(n->z_uid.zuid_addr), AF_INET);
comment:5 Changed 13 years ago by andersk@mit.edu
We should remember the IP, too, because reverse DNS could theoretically be spoofed to anything.
My first instinct is "That's what your caching nameserver is for."
But then, that's a different bug, given that BIND doesn't cache authoritative nameserver timeouts. (Nameservers do cache negative responses, though.)
There's a thread on bind-users about this issue at https://lists.isc.org/mailman/htdig/bind-users/2003-August/045152.html , but I can't actually find the original message. I also don't think anything happened with it.
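An added sketch, not BarnOwl code, of the caching half of this ticket: a small reverse-lookup cache that also stores failures, so a flood from one unresolvable address pays for one timeout per TTL instead of one per zephyr, and that always prints the IP next to the name as comment:5 asks. Every `rdns_*` name, the slot count, the 300-second TTL and the stub resolver with its sample address are assumptions made for the example; it does not make the lookup asynchronous.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <arpa/inet.h>
#include <netdb.h>

#define RDNS_SLOTS 256
#define RDNS_TTL 300 /* seconds: the ticket's "a few minutes" */
/* Resolver callback: returns 0 and fills name on success, nonzero otherwise. */
typedef int (*rdns_fn)(struct in_addr ip, char *name, size_t len);
struct rdns_entry {
    struct in_addr ip;
    time_t expires;
    int used, found; /* found == 0 is a cached negative answer */
    char name[256];
};
static struct rdns_entry rdns_cache[RDNS_SLOTS];

/* The blocking call quoted in comment:4, wrapped as a resolver callback. */
int rdns_blocking(struct in_addr ip, char *name, size_t len) {
    struct hostent *hent = gethostbyaddr(&ip, sizeof ip, AF_INET);
    if (hent == NULL) return -1;
    snprintf(name, len, "%s", hent->h_name);
    return 0;
}

/* Constructed stand-in resolver for offline runs; counts how often it is hit. */
int rdns_stub_calls = 0;
int rdns_stub(struct in_addr ip, char *name, size_t len) {
    rdns_stub_calls++;
    if (ntohl(ip.s_addr) != 0xC6336407u) return -1; /* only 198.51.100.7 resolves */
    snprintf(name, len, "host.example.net");
    return 0;
}

/* Writes "name (a.b.c.d)" or bare "a.b.c.d" to out; returns 1 on a cache hit. */
int rdns_lookup(struct in_addr ip, time_t now, rdns_fn resolve, char *out, size_t outlen) {
    struct rdns_entry *e = &rdns_cache[ntohl(ip.s_addr) % RDNS_SLOTS];
    char dotted[INET_ADDRSTRLEN];
    int hit = e->used && e->ip.s_addr == ip.s_addr && now < e->expires;
    if (!hit) { /* miss, slot collision or expiry: resolve once, overwrite slot */
        e->used = 1; e->ip = ip; e->expires = now + RDNS_TTL;
        e->found = (resolve(ip, e->name, sizeof e->name) == 0);
    }
    inet_ntop(AF_INET, &ip, dotted, sizeof dotted);
    if (e->found) snprintf(out, outlen, "%s (%s)", e->name, dotted);
    else snprintf(out, outlen, "%s", dotted);
    return hit;
}
```

A caller would pass `time(NULL)` and `rdns_blocking`; the first message from each address still blocks once, which is the part only an asynchronous resolver removes.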