This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/19148] New: resolv: TCP query failure triggers retries along the search path


https://sourceware.org/bugzilla/show_bug.cgi?id=19148

            Bug ID: 19148
           Summary: resolv: TCP query failure triggers retries along the
                    search path
           Product: glibc
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---

If the stub resolver receives a TC=1 reply from a configured name server, it
will attempt to fetch the answer over TCP.  If the TCP connection fails, the
stub resolver proceeds along the search path, instead of failing the query due
to the network failure.  This means that a brief name server outage can lead to
vastly different name resolution results, which seems wrong (and very difficult
to debug).  The current behavior could turn more problematic once new gTLDs are
in wide use because traditionally, operators avoid using TLD strings as labels
(so a successful resolution on the fallback queries along the search path
appears unlikely at the moment).

This is the second problem observed in this thread:

  https://sourceware.org/ml/libc-help/2015-10/msg00012.html

Fixing this bug will not address the reporter's issue because the configured
name server does not support TCP reliably.  This bug just fell out of the
analysis of the original report.

Reproduction instructions follow.  Make sure that /etc/resolv.conf contains a
"search directive".  Disable TCP connections to the name servers with:

# iptables -I OUTPUT -p tcp --dport 53 -j REJECT --reject-with=tcp-reset

Then run:

$ strace -e sendmmsg -s 500 getent ahosts like-keys.t.enyo.de

Observe how search path entries are appended to the queried domain name.

The following resource records are associated with like-keys.t.enyo.de:

like-keys.t.enyo.de.    600     IN      CNAME   like-keys-1.t.enyo.de.

like-keys-1.t.enyo.de.  600     IN      A       192.0.2.1
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.2
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.3
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.4
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.5

like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::1
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::10
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::2
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::3
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::4
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::5
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::6
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::7
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::8
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::9
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::a
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::b
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::c
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::d
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::e
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::f
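
A simplified model of the search-path loop described in this report, added here as an illustration (it is not glibc code and not part of the original message). The search domain corp.example, its wildcard answer 198.51.100.7, and the names fake_query, lookup and strict are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
enum outcome { FOUND, NXDOMAIN, TRANSPORT_FAIL };

/* Constructed stand-in for the network: the name from the report fails (TC=1,
   TCP retry rejected); hypothetical corp.example answers any name under it. */
static enum outcome fake_query(const char *fqdn, const char **addr)
{
    static const char suffix[] = ".corp.example";
    size_t n = strlen(fqdn), s = sizeof suffix - 1;
    if (strcmp(fqdn, "like-keys.t.enyo.de") == 0)
        return TRANSPORT_FAIL;
    if (n > s && strcmp(fqdn + n - s, suffix) == 0) {
        *addr = "198.51.100.7";   /* constructed wildcard answer */
        return FOUND;
    }
    return NXDOMAIN;
}

/* Try the name as given, then under each search domain.  strict=0 models the
   reported behaviour.  Returns 0 (answer in *addr), -1 (no name), -2 (failed). */
static int lookup(const char *name, const char *const *search, int nsearch,
                  int strict, const char **addr)
{
    char fqdn[512];
    int failed = 0;
    for (int i = -1; i < nsearch; i++) {
        snprintf(fqdn, sizeof fqdn, "%s%s%s", name,
                 i < 0 ? "" : ".", i < 0 ? "" : search[i]);
        enum outcome o = fake_query(fqdn, addr);
        if (o == FOUND)
            return 0;
        if (o == TRANSPORT_FAIL) {
            if (strict)
                return -2;        /* do not consult the search path */
            failed = 1;           /* reported behaviour: keep going */
        }
    }
    return failed ? -2 : -1;
}

int main(void)
{
    const char *const search[] = { "corp.example" };
    const char *a = "-", *b = "-";
    int r0 = lookup("like-keys.t.enyo.de", search, 1, 0, &a);
    int r1 = lookup("like-keys.t.enyo.de", search, 1, 1, &b);
    printf("reported: rc=%d addr=%s\nstrict:   rc=%d addr=%s\n", r0, a, r1, b);
    return 0;
}
```

With strict=0 the transport failure is masked by an answer for a different name; with strict=1 the caller sees a lookup failure and no address.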
