Skip to content

Bind returning malformed packet error when sshfp record has fingerprint value less than 4 characters

Summary

Bind returning malformed packet error when sshfp record has fingerprint value less than 4 characters

BIND version used

BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3

Steps to reproduce

zone has sshfp records has follows test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00

What is the current bug behavior?

Returning malformed error and no answer

[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost test2.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost test2.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end

;; QUESTION SECTION:
;test2.ramesh-sshfp.com.                IN      SSHFP

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:18 2019
;; MSG SIZE  rcvd: 107

[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost test1.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost test1.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end

;; QUESTION SECTION:
;test1.ramesh-sshfp.com.                IN      SSHFP

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:23 2019
;; MSG SIZE  rcvd: 107

What is the expected correct behavior?

If the value is correct we should return answer. if the value is wrong, bind should validate and should not start

Relevant configuration files

(Paste any relevant configuration files - please use code blocks (```) to format console output. If submitting the contents of your configuration file in a non-confidential Issue, it is advisable to obscure key secrets: this can be done automatically by using named-checkconf -px.)

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code, as it's very hard to read otherwise.)

Possible fixes

(If you can, link to the line of code that might be responsible for the problem.)

Edited by Mark Andrews
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information