Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: mDNS unicast-response and cache-flush bits #4388

Closed
evverx opened this issue May 13, 2024 · 2 comments · Fixed by #4390
Closed

RFE: mDNS unicast-response and cache-flush bits #4388

evverx opened this issue May 13, 2024 · 2 comments · Fixed by #4390
Labels
cleanup Performs some code clean-up enhancement

Comments

@evverx
Copy link
Contributor

evverx commented May 13, 2024

Brief description

Currently the unicast-response and cache-flush bits aren't supported.

(It's mostly cosmetic because it's possible to get/set those bits manually. It's just something I noticed when I started playing with #4385)

Scapy version

f17e8da

Python version

3.12.3

Operating system

6.8.9-300.fc40.x86_64

Additional environment information

No response

How to reproduce

with_unicast_response_bit = DNS(b'\x00\x00\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x01Q\x05_qotd\x04_tcp\x05local\x00\x00\xff\x80\x01\x06host-5\x05local\x00\x00\xff\x80\x01\x01Q\x05_qotd\x04_tcp\x05local\x00\x00!\x00\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x00{\x06host-5\x05local\x00\x06host-5\x05local\x00\x00\x01\x00\x01\x00\x00\x00x\x00\x04\xc0\xa88\x03\x06host-5\x05local\x00\x00\x1c\x00\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x1c\x12+\xc1\xf3]\x97\x94')
with_cache_flush_bit = DNS(b'\x00\x00\x84\x00\x00\x00\x00\x06\x00\x00\x00\x02\x01Q\x05_qotd\x04_tcp\x05local\x00\x00\x10\x80\x01\x00\x00\x11\x94\x00\x01\x00\t_services\x07_dns-sd\x04_udp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x12\x05_qotd\x04_tcp\x05local\x00\x05_qotd\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x14\x01Q\x05_qotd\x04_tcp\x05local\x00\x01Q\x05_qotd\x04_tcp\x05local\x00\x00!\x80\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x00{\x06host-5\x05local\x00\x06host-5\x05local\x00\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa88\x03\x06host-5\x05local\x00\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x1c\x12+\xc1\xf3]\x97\x94\x01Q\x05_qotd\x04_tcp\x05local\x00\x00/\x80\x01\x00\x00\x11\x94\x00\x1b\x01Q\x05_qotd\x04_tcp\x05local\x00\x00\x05\x00\x00\x80\x00@\x06host-5\x05local\x00\x00/\x80\x01\x00\x00\x00x\x00\x14\x06host-5\x05local\x00\x00\x04@\x00\x00\x08')

Actual result

>>> with_unicast_response_bit.qd[0].show()
###[ DNS Question Record ]###
  qname     = b'Q._qotd._tcp.local.'
  qtype     = ALL
  qclass    = 32769
>>> with_cache_flush_bit.an[0].show()
###[ DNS Resource Record ]###
  rrname    = b'Q._qotd._tcp.local.'
  type      = TXT
  rclass    = 32769
  ttl       = 4500
  rdlen     = None
  rdata     = [b'']

Expected result

tshark shows

        Q._qotd._tcp.local: type ANY, class IN, "QU" question
            Name: Q._qotd._tcp.local
            [Name Length: 18]
            [Label Count: 4]
            Type: ANY (255) (A request for all records the server/cache has available)
            .000 0000 0000 0001 = Class: IN (0x0001)
            1... .... .... .... = "QU" question: True

and

        Q._qotd._tcp.local: type TXT, class IN, cache flush
            Name: Q._qotd._tcp.local
            Type: TXT (16) (Text strings)
            .000 0000 0000 0001 = Class: IN (0x0001)
            1... .... .... .... = Cache flush: True
            Time to live: 4500 (1 hour, 15 minutes)
            Data length: 1
            TXT Length: 0
            TXT:

respectively.

Related resources

https://datatracker.ietf.org/doc/html/rfc6762#section-19

Multicast DNS...
...

  • defines a unicast-response bit in the rrclass of query questions
  • defines a cache-flush bit in the rrclass of response records

https://datatracker.ietf.org/doc/html/rfc6762#section-5.4

Multicast DNS defines the top bit in the class field of a DNS
question as the unicast-response bit. When this bit is set in a
question, it indicates that the querier is willing to accept unicast
replies in response to this specific query, as well as the usual
multicast responses. These questions requesting unicast responses
are referred to as "QU" questions, to distinguish them from the more
usual questions requesting multicast responses ("QM" questions).

https://datatracker.ietf.org/doc/html/rfc6762#section-10.2

the host MUST then
send a series of unsolicited announcements to update cache entries in
its neighbor hosts. In these unsolicited announcements, if the
record is one that has been verified unique, the host sets the most
significant bit of the rrclass field of the resource record. This
bit, the cache-flush bit, tells neighboring hosts that this is not a
shared record type.
@gpotter2 gpotter2 added cleanup Performs some code clean-up enhancement labels May 13, 2024
@gpotter2
Copy link
Member

gpotter2 commented May 13, 2024
edited

That's a good point. It's pretty similar to LLMNR.

I'll add it to #4385 when I get the time.
Edit: I ended up merging it but I'll make it into a future PR.

@gpotter2 gpotter2 mentioned this issue May 14, 2024
Merged
@gpotter2
Copy link
Member

You can checkout #4390

I just added the bits everywhere. It might be an annoyance for classes > 32k for classic DNS.. but I'm unsure those are frequent so it'll do for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cleanup Performs some code clean-up enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

(m)DNS: improve (m)dnsd defaults and behavior gpotter2/scapy
2 participants
@evverx @gpotter2