This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12154] Can not resolve chained CNAME with a wildcard among the chained CNAME
- From: "vincent.viallet at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 22 Oct 2010 14:51:36 +0000
- Subject: [Bug libc/12154] Can not resolve chained CNAME with a wildcard among the chained CNAME
- Auto-submitted: auto-generated
- References: <bug-12154-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12154
--- Comment #1 from Vincent Viallet <vincent.viallet at gmail dot com> 2010-10-22 14:51:29 UTC ---
Quick discussion over IRC - with some of the extra tests performed
-----------------------
[10:25pm] grawity: There are two separate rules for host names.
[10:26pm] grawity: One is the DNS protocol: everything is allowed, except for
null byte. * is an ordinary character.
[10:26pm] grawity: (That's how Freenode cloaks could be spoofed; "/" is valid.)
[10:26pm] grawity: The other is "hostnames" - those that point to actual
machines. They are limited to A-Z a-z 0-9 and - _
[10:27pm] grawity: Since the function is called gethostbyname(), there's a
chance it checks for the latter...
[10:28pm] grawity: (Although I doubt it. gethostbyname() shouldn't even check
immediate results, only final one)
[10:28pm] balou_fr: ooh - so getting a * as a reply to a DNS request would be
considered as invalid - since only a-zA-Z0-9_- are awaited
[10:29pm] grawity: actually, requesting *
[10:29pm] grawity: But that's where I get confused. gethostbyname() does not
request "*.live.com".
[10:29pm] grawity: Microsoft's DNS server does the job of following CNAMEs.
[10:31pm] balou_fr: it only appears to affect linux server - macos do not have
this issue (didn't test windows - none accessible)
[10:32pm] balou_fr: well - it should request *.live.com -- it'd fail but that's
one of the issues of the CNAMEs
[10:32pm] grawity: dig "*.live.com"
[10:33pm] balou_fr: it does work
[10:33pm] balou_fr: ;; ANSWER SECTION:
[10:33pm] balou_fr: *.live.com. 649 IN CNAME rds.live.com.nsatc.net.
[10:33pm] balou_fr: rds.live.com.nsatc.net. 132 IN A 65.55.206.154
[10:33pm] grawity: Notice how both the CNAME and its target are under 'ANSWER'
[10:33pm] balou_fr: but dig is pure DNS protocol
[10:33pm] grawity: libc _shouldn't need_ to follow CNAMEs -- it's already done
by DNS server.
[10:36pm] grawity: Testing 'dig chat.freenode.net' which is a CNAME:
[10:36pm] grawity: 1.323094 snow.home -> fog.home DNS Standard query A
irc.freenode.net
[10:36pm] grawity: 1.425244 fog.home -> snow.home DNS Standard query
response CNAME chat.freenode.net A 216.155.130.130 A 216.165.191.52 A
78.40.125.4 A 82.96.64.4 A 86.65.39.15 A 128.237.157.136 A 130.237.188.200 A
140.211.166.3 A 140.211.166.4 A 174.143.119.91 A 208.71.169.36 A 213.92.8.4 A
213.161.196.11 A 213.179.58.83 A 213.232.93.3
[10:37pm] balou_fr: no it's not - tcpdump shows only 1 round trip
[10:38pm] balou_fr: with all the CNAMEs in the reply
[10:38pm] grawity: Testing with what - dig or...?
[10:38pm] balou_fr: tcpdump on a terminal - ping (with failure) on another
[10:40pm] grawity: Now just to make sure, I tested with the problematic domain
[10:40pm] grawity: 88.389299 snow.home -> fog.home DNS Standard query A
messenger.live.com
[10:40pm] grawity: 88.489966 fog.home -> snow.home DNS Standard query
response CNAME get.live.com CNAME *.live.com CNAME rds.live.com.nsatc.net A
65.55.60.123
[10:40pm] grawity: And now I really don't know why libc fails on it
[10:40pm] grawity: Eh, they should react on that report soon.
[10:43pm] balou_fr: also - do u mind if I attach part of this discussion in the
Bug report ?
[10:43pm] balou_fr: (filtered to only the relevant talk of course)
[10:43pm] grawity: Sure.