Ferret

Ferret is the first automatic test generator for DNS nameserver implementation RFC compliance.

The test case generation module is implemented in C# and symbolically executes the Zen model of the authoritative DNS, which is based on our updated DNS formal semantics. The formal semantics were part of the earlier SIGCOMM paper we published. The testing module uses Docker to test implementations.

Follow the steps mentioned in test case generation README to generate tests using Zen. Use either the Zen generated tests or custom tests to test implementations by following the steps mentioned in DifferentialTesting README. To simply serve a zone using an implementation docker container follow these steps.

📃 NSDI 2022 -- SCALE: Automatically Finding RFC Compliance Bugs in DNS Nameservers

🖥️ Slides and Talk

Citing Ferret

@inproceedings {278336,
author = {Siva Kesava Reddy Kakarla and Ryan Beckett and Todd Millstein and George Varghese},
title = {{SCALE}: Automatically Finding {RFC} Compliance Bugs in {DNS} Nameservers},
booktitle = {19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22)},
year = {2022},
isbn = {978-1-939133-27-4},
address = {Renton, WA},
pages = {307--323},
url = {https://www.usenix.org/conference/nsdi22/presentation/kakarla},
publisher = {USENIX Association},
month = apr,
}

Bugs Found

Legend - Fixed: ✅    Confirmed: ☑️    Bug but not fixing it: ⚠️

Implementation	Bug	Bug Type	Status
Bind	Sibling glue records not returned	Wrong Additional	☑️
	Zone origin glue records not returned	Wrong Additional	☑️
	Synthesized CNAME is not taken for a CNAME query	Wrong RCODE	✅
	DNAME recursion denial-of-service	Server Crash	✅
Nsd	DNAME not applied recursively	Wrong Answer	✅
	Wrong RCODE when * is in rdata	Wrong RCODE	✅
	Synthesized CNAME is not taken for a CNAME query	Wrong RCODE	✅
	Used NS records below delegation	Wrong Answer	✅
PowerDns	CNAME followed when not required	Wrong Answer	☑️
	DNAME at apex pdnsutil check-zone	Wrong Answer	✅
Knot	Incorrect record synthesis	Wrong Answer	✅
	DNAME not applied recursively	Wrong Answer	✅
	Used records below delegation	Wrong Answer	✅
	Error in DNAME-DNAME loop Knot test	Faulty Knot Test	✅
	Synthesized CNAME is not taken for a CNAME query	Wrong RCODE	✅
CoreDns	NXDOMAIN for an existing domain	Wrong RCODE	⚠️
	Wrong RCODE for CNAME target	Wrong RCODE	✅
	Wildcard CNAME loops and DNAME loops	Server Crash	✅
	Wrong RCODE for synthesized record	Wrong RCODE	✅
	CNAME followed when not required	Wrong Answer	✅
	Sibling glue records not returned	Wrong Additional	☑️
Yadifa	CNAME chains not followed	Wrong Answer	✅
	Wrong RCODE for CNAME target	Wrong RCODE	✅
	Used records below delegation	Wrong Answer	✅
Maradns#	AA flag set for zone cut NS RRs	Wrong Flag	⚠️
	Glue records returned with AA flag	Wrong Flag	⚠️
TrustDns#	Wildcard matches only one label	Wrong Answer	☑️
	Glue records returned with AA flag	Wrong Flag	☑️
	AA flag set for zone cut NS RRs	Wrong Flag	☑️
	CNAME loop crashes the server	Server Crash	✅
Technitium	Wrong RCODE for synthesized record	Wrong RCODE	☑️
	Improper handling of non-terminal wildcard	Wrong Answer	☑️
	Used records below delegation	Wrong Answer	☑️
	Wildcard CNAME not applied again	Wrong Answer	☑️

^# Implementations with unreported issues due to missing or unimplemented features