Network Working Group Y. Morishita Request for Comments: 4074 JPRS Category: Informational T. Jinmei Toshiba May 2005 Common Misbehavior Against DNS Queries for IPv6 Addresses Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005).
AbstractThere is some known misbehavior of DNS authoritative servers when they are queried for AAAA resource records. Such behavior can block IPv4 communication that should actually be available, cause a significant delay in name resolution, or even make a denial of service attack. This memo describes details of known cases and discusses their effects.
Sections 4.3.2 and 6.2.4 of ). Such a response indicates that there is at least one RR of a different type than AAAA for the queried name, and the stub resolver can then look for A RRs. This way, the caching server can cache the fact that the queried name has no AAAA RR (but may have other types of RRs), and thus improve the response time to further queries for an AAAA RR of the name.
With this response, the stub resolver may immediately give up and never fall back. Even if the resolver retries with a query for an A RR, the negative response for the name has been cached in the caching server, and the caching server will simply return the negative response. As a result, the stub resolver considers this to be a fatal error in name resolution. Several examples of this behavior are known to the authors. As of this writing, all have been fixed.
That is, the RR in the answer section would be described as follows: www.bad.example. 600 IN AAAA 192.0.2.1 which is, of course, bogus (or at least meaningless). A widely deployed caching server implementation transparently returns the broken response (and caches it) to the stub resolver. Another known server implementation parses the response by itself, and sends a separate response with RCODE 2 ("Server failure"). In either case, the broken response does not affect queries for an A RR of the same name. If the stub resolver falls back to A queries, it will get an appropriate response. The latter case, however, causes the same bad effect as that described in the previous section: redundant queries for AAAA RRs.
Section 4.2, can be used for a denial of service attack . The same argument applies to the case of "lame delegation", described in Section 4.5, with a certain type of caching server.  Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.  The CERT Coordination Center, "Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions", March 2003, <http://www.kb.cert.org/vuls/id/714121>.
Full Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- firstname.lastname@example.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.