dnsparanoia broken in 1.0.11?

wlan at mac.com wlan at mac.com
Tue Apr 1 17:38:12 UTC 2008


No, it looks to be doing its job. It drops packets with type codes  
other than 1 (A records) and 5 (CNAME records). Perhaps it is being  
too restrictive... I'll revisit this when I have a chance. In the  
meantime, simply turn off the feature. Btw, are you _actually_ having  
a problem with people using DNS tunnels?

Cheers,
David

On Apr 1, 2008, at 2:39 PM, Gunther Mayer wrote:

> Hi guys,
>
> I'm having major issues with the dnsparanoia option as I get way  
> too many false positives:
>
> Mar 31 18:30:38  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 2: length 9)
> Mar 31 18:30:38  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 2: length 4)
> Mar 31 18:30:38  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 2: length 25)
> Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 6: length 39)
> Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 12: length 44)
> Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 6: length 52)
> Mar 31 18:32:09  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 12: length 44)
> Mar 31 18:32:09  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 6: length 39)
> Mar 31 18:32:09  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 12: length 44)
> Mar 31 18:32:09  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 6: length 52)
> Mar 31 18:32:11  coova-chilli[889]: dns.c: 247: dropping dns for  
> anti-dnstunnel (type 6: length 36)
>
> As it turns out some clients sometimes take 30 seconds just to  
> resolve a single name (at least from Firefox).
>
> I don't know what the above types correspond to but I think that  
> there's a bug in the 1.0.11 code that drops the wrong types or  
> misidentifies them. Why it does eventually work is beyond me...
>
> Has anybody encountered this before? Is this a known issue?
>
> Gunther
>
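Decoding the type codes in the log quoted above, as an added example that is not part of the original thread or of CoovaChilli's code: the script maps each dropped record's type number to its IANA RR type name and tallies the drops against the A/CNAME allowlist described in the reply. The `ROUTINE` set, the verdict labels and the sample lines (constructed in the quoted log format) are assumptions of this example.

```python
import re
from collections import Counter

# IANA DNS resource record type codes (subset).
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 10: "NULL", 12: "PTR",
            15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}
ALLOWED = {1, 5}  # per the reply above: only A and CNAME records pass
# Assumption of this example: types that show up in ordinary resolution
# (authority sections, reverse lookups, mail, IPv6, service discovery).
ROUTINE = {2, 6, 12, 15, 28, 33}

DROP_RE = re.compile(
    r"coova-chilli\[\d+\]: dns\.c: \d+: dropping dns for anti-dnstunnel "
    r"\(type (\d+): length (\d+)\)")

# Constructed sample lines in the format quoted in the post.
SAMPLE_LOG = """\
Mar 31 18:30:38  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 2: length 9)
Mar 31 18:30:38  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 2: length 25)
Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 6: length 39)
Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 12: length 44)
Mar 31 18:32:04  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 6: length 52)
Mar 31 18:40:00  coova-chilli[889]: dns.c: 247: dropping dns for anti-dnstunnel (type 16: length 180)
"""

def summarize_drops(log_text):
    """Return {type_code: (name, count, max_length, verdict)} for dropped records."""
    counts, max_len = Counter(), {}
    for m in DROP_RE.finditer(log_text):
        rtype, length = int(m.group(1)), int(m.group(2))
        counts[rtype] += 1
        max_len[rtype] = max(max_len.get(rtype, 0), length)
    summary = {}
    for rtype, n in counts.items():
        name = RR_TYPES.get(rtype, f"TYPE{rtype}")
        if rtype in ALLOWED:
            verdict = "unexpected: allowed type logged as dropped"
        elif rtype in ROUTINE:
            verdict = "likely false positive"
        else:
            verdict = "review"
        summary[rtype] = (name, n, max_len[rtype], verdict)
    return summary

if __name__ == "__main__":
    for rtype, (name, n, longest, verdict) in sorted(summarize_drops(SAMPLE_LOG).items()):
        print(f"type {rtype:>3} {name:<6} drops={n:<3} max_len={longest:<4} {verdict}")
```

The types in the quoted log decode to NS (2), SOA (6) and PTR (12).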



