[getdns-users] Strange behavior with query ordering

Willem Toorop willem at nlnetlabs.nl
Tue Jun 16 19:31:07 UTC 2015 

Hi Scott,

Sorry, I cannot reproduce.  I do get answers in both cases.
These are the version I'm using (latest):

Python 2.7.9 (default, Apr  2 2015, 15:33:21)
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import getdns
>>> getdns.__version__
'0.3.1'
>>> getdns.Context().get_api_information()['version_string']
'0.2.0'
>>>
>>> res =
getdns.Context().general("_443._tcp.301ss.tlsa.good.test.had-pilot.biz",
getdns.RRTYPE_TLSA, {"dnssec_return_validation_chain" :
getdns.EXTENSION_TRUE})
>>> [a for reply in res.replies_tree for a in reply['answer'] if
a['type'] == getdns.RRTYPE_TLSA]
[{'ttl': 600, 'rdata': {'rdata_raw': <read-only buffer ptr 0x1ba69b0,
size 35 at 0x7fd0a6eed270>, 'certificate_usage': 3,
'certificate_association_data': <read-only buffer ptr 0x1ba0500, size 32
at 0x7fd0a6eed230>, 'matching_type': 1, 'selector': 0}, 'type': 52,
'class': 1, 'name': '_443._tcp.301ss.tlsa.good.test.had-pilot.biz.'}]
>>>

If you do have the issue even with these latest versions, I would be
very interested in packet captures from both cases.

Regards,


-- Willem

Op 16-06-15 om 18:20 schreef Rose, Scott W.:
> We're seeing some strange behavior in python depending on the order of queries.  This code:
> 
> import getdns
> extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE}
> ctx = getdns.Context()
> 
> hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz"
> for request_type in [getdns.RRTYPE_A,getdns.RRTYPE_TLSA]:
>     print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions
>     results = ctx.general(name=hostname,request_type=request_type,extensions=extensions)
>     for reply in results.replies_tree:
>         for a in reply['answer']:
>             if a['type'] == request_type:
>                 print a
> 
> 
> Works, but if we change it to remove the A query, it doesn't:
> 
> import getdns
> extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE}
> ctx = getdns.Context()
> 
> hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz"
> for request_type in [getdns.RRTYPE_TLSA]:
>     print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions
>     results = ctx.general(name=hostname,request_type=request_type,extensions=extensions)
>     for reply in results.replies_tree:
>         for a in reply['answer']:
>             if a['type'] == request_type:
>                 print a
> 
> This doesn't return the result ('a').  This isn't for all names either (_443._tcp.www.had-pilot.com works).  The name above does contain empty non-terminals (the "tlsa.good.test" are all ENT's).  Could that be it?  It seems to work if you query for qtype=A first, then TLSA, but not just TLSA.  
> 
> Scott
>  
> ===================================
> Scott Rose
> NIST
> scott.rose at nist.gov
> +1 301-975-8439
> Google Voice: +1 571-249-3671
> http://www.dnsops.gov/
> https://www.had-pilot.com/
> ===================================
> 
> 
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> http://getdnsapi.net/mailman/listinfo/users
>

More information about the Users mailing list