This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/12154] Can not resolve chained CNAME with a wildcard among the chained CNAME


http://sourceware.org/bugzilla/show_bug.cgi?id=12154

--- Comment #1 from Vincent Viallet <vincent.viallet at gmail dot com> 2010-10-22 14:51:29 UTC ---
Quick discussion over IRC - with some of the extra tests performed

-----------------------

[10:25pm] grawity: There are two separate rules for host names.
[10:26pm] grawity: One is the DNS protocol: everything is allowed, except for
null byte. * is an ordinary character.
[10:26pm] grawity: (That's how Freenode cloaks could be spoofed; "/" is valid.)
[10:26pm] grawity: The other is "hostnames" - those that point to actual
machines. They are limited to A-Z a-z 0-9 and - _
[10:27pm] grawity: Since the function is called gethostbyname(), there's a
chance it checks for the latter...
[10:28pm] grawity: (Although I doubt it. gethostbyname() shouldn't even check
immediate results, only final one)

[10:28pm] balou_fr: ooh - so getting a * as a reply to a DNS request would be
considered as invalid - since only a-zA-Z0-9_- are awaitend
[10:29pm] grawity: actually, requesting *

[10:29pm] grawity: But that's where I get confused. gethostbyname() does not
request "*.live.com".
[10:29pm] grawity: Microsoft's DNS server does the job of following CNAMEs.
[10:31pm] balou_fr: it only appears to affect linux server - macos do not have
this issue (didnt tested windows - none accessible)
[10:32pm] balou_fr: well - it should request *.live.com -- it d fail but that s
one of the issue of the Cnames

[10:32pm] grawity: dig "*.live.com"
[10:33pm] balou_fr: it does work
[10:33pm] balou_fr: ;; ANSWER SECTION:
[10:33pm] balou_fr: *.live.com.649INCNAMErds.live.com.nsatc.net.
[10:33pm] balou_fr: rds.live.com.nsatc.net.132INA65.55.206.154
[10:33pm] grawity: Notice how both the CNAME and its target are under 'ANSWER'
[10:33pm] balou_fr: but dig is pure DNS protocol
[10:33pm] grawity: libc _shouldn't need_ to follow CNAMES -- it's alrady done
by DNS server.

[10:36pm] grawity: Testing 'dig chat.freenode.net' which is a CNAME:
[10:36pm] grawity:   1.323094    snow.home -> fog.home    DNS Standard query A
irc.freenode.net
[10:36pm] grawity:   1.425244    fog.home -> snow.home    DNS Standard query
response CNAME chat.freenode.net A 216.155.130.130 A 216.165.191.52 A
78.40.125.4 A 82.96.64.4 A 86.65.39.15 A 128.237.157.136 A 130.237.188.200 A
140.211.166.3 A 140.211.166.4 A 174.143.119.91 A 208.71.169.36 A 213.92.8.4 A
213.161.196.11 A 213.179.58.83 A 213.232.93.3

[10:37pm] balou_fr: non it s not - tcpdump show only 1 round trip
[10:38pm] balou_fr: with all the CNAMEs in the reply

[10:38pm] grawity: Testing with what - dig or...?
[10:38pm] balou_fr: tcpdump on a terminal - ping (with failure) on another

[10:40pm] grawity: Now just to make sure, I tested with the problematic domain
[10:40pm] grawity:  88.389299    snow.home -> fog.home    DNS Standard query A
messenger.live.com
[10:40pm] grawity:  88.489966    fog.home -> snow.home    DNS Standard query
response CNAME get.live.com CNAME *.live.com CNAME rds.live.com.nsatc.net A
65.55.60.123

[10:40pm] grawity: And now I really don't know why libc fails on it 
[10:40pm] grawity: Eh, they should react on that report soon.

[10:43pm] balou_fr: also - do u mind if I attach part of this discussion in the
Bug report ?
[10:43pm] balou_fr: (filtered to only the relevant talk of course)
[10:43pm] grawity: Sure.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]