This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/12154] Cannot resolve hosts which have wildcard aliases


https://sourceware.org/bugzilla/show_bug.cgi?id=12154

--- Comment #11 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Charlie Brady from comment #7)
> (In reply to Florian Weimer from comment #6)
> 
> > glibc follows the syntactical requirements of RFC 1123:
> > 
> >   http://tools.ietf.org/html/rfc1123#page-13
> > 
> > extended with support for underscores in 1998.
> 
> rfc 4592 "The Role of Wildcards in the Domain Name System" (from 2006) needs
> to be considered.

Not really.  I'll try to explain why, but this is somewhat tricky. 
Technically, no wildcard is involved here, because that's not a DNS feature
which is visible on the interface between authoritative server and recursor.

> I found this issue when investigating lookup failures on the name
> 3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com.
> 
> DNS is returning a valid response:
> 
>     Answers
>         3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com: type CNAME, class IN, cname *.um.outlook.com.glbdns2.microsoft.com
>             Name: 3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com
>             Type: CNAME (Canonical NAME for an alias) (5)
>             Class: IN (0x0001)
>             Time to live: 297
>             Data length: 37
>             CNAME: *.um.outlook.com.glbdns2.microsoft.com

That's the questionable bit.  Wildcards cannot be used on the right hand side
of a CNAME record because the server will not expand them.  In this position,
"*" is just a label like any other which is not 

It happens to work without host name checks because "*" as a label is matched
by the wildcard:

>         *.um.outlook.com.glbdns2.microsoft.com: type CNAME, class IN, cname wildcard-namnorth.um.outlook.com
>             Name: *.um.outlook.com.glbdns2.microsoft.com
>             Type: CNAME (Canonical NAME for an alias) (5)
>             Class: IN (0x0001)
>             Time to live: 300
>             Data length: 20
>             CNAME: wildcard-namnorth.um.outlook.com

"*" is both a valid DNS label (but not for host names), and used (in a form of
in-band signaling) to mark DNS records for wildcard processing (on the
left-hand side).  But on the DNS query interface, you never see "*" in its
wildcard role, it's always a regular label.

> https://groups.google.com/forum/#!topic/comp.protocols.dns.bind/bVSyx6oLiAA

The conclusion of this thread seems to be that the current glibc behavior is
correct.  I disagree to some extent; I think we should accept such responses
and extract address information from them (but not all alias information).
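
The distinction drawn in this comment, as an added example that is not part of the bug report and is not glibc's resolver code: a simplified host name syntax check (letters, digits, hyphen and underscore, after the RFC 1123 rule plus underscores cited from comment #6) run over the names in the quoted CNAME chain. The helper names `hostname_syntax_ok` and `first_rejected` are hypothetical, and the exact hyphen and underscore placement rules are an assumption of this sketch.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical helper (not glibc code): returns 1 if every label of `name`
   is 1..63 characters drawn from letters, digits, '-' and '_' and does not
   begin or end with '-'. One trailing dot is accepted. */
static int hostname_syntax_ok(const char *name)
{
    size_t len = 0;      /* characters seen in the current label */
    char prev = 0;       /* last character of the current label */

    if (*name == '\0')
        return 0;
    for (const char *p = name;; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '.' || c == '\0') {
            if (len == 0)            /* empty label: only a trailing dot is fine */
                return c == '\0';
            if (len > 63 || prev == '-')
                return 0;
            if (c == '\0')
                return 1;
            len = 0;
        } else {
            if (!(isalnum(c) || c == '-' || c == '_'))
                return 0;            /* a "*" label is rejected here */
            if (len == 0 && c == '-')
                return 0;
            prev = (char)c;
            len++;
        }
    }
}

/* Index of the first name in the chain that fails the check, or -1. */
static int first_rejected(const char *const names[], int n)
{
    for (int i = 0; i < n; i++)
        if (!hostname_syntax_ok(names[i]))
            return i;
    return -1;
}

/* Names copied from the two CNAME records quoted in the comment. */
static const char *const chain[] = {
    "3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com",
    "*.um.outlook.com.glbdns2.microsoft.com",
    "wildcard-namnorth.um.outlook.com",
};

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("%-4s %s\n", hostname_syntax_ok(chain[i]) ? "ok" : "BAD", chain[i]);
    printf("first rejected index: %d\n", first_rejected(chain, 3));
    return 0;
}
```

Only the intermediate alias fails the check; the queried name and the final CNAME target both pass.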
