Skip to content

ICMP error messages causing BIND9 to send more queries than intended

After further testing, I found another type of ICMP response that could also force BIND9 to enter the aggressive query state via UDP like Knot Resolver via TCP (https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html)

The case is that after receiving an ICMP error message (Type 3, Code 0/2), BIND9 will try to send 100 queries towards the same remote server, which bypasses the query limit of about 13.

For type 3, code 3 ICMP error message, BIND9 just returns an error to the receiving function and stops resolution.

For type 3, code 0 or 2, BIND9 continues to send queries 100 times to the same server, which bypasses the query limit (no more than around 13 times).

The PoC log from BIND9 shows BIND9 continues to send 100 queries after receiving an ICMP type 3 code 0 message when it resolves my domain, i30.sw.nameserver.fit.

bind-icmp-type3-code0-poc.log bind-icmp-type3-code0-reproduction.pdf

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information