This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/19148] New: resolv: TCP query failure triggers retries along the search path
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 18 Oct 2015 11:02:35 +0000
- Subject: [Bug network/19148] New: resolv: TCP query failure triggers retries along the search path
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19148
Bug ID: 19148
Summary: resolv: TCP query failure triggers retries along the
search path
Product: glibc
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
If the stub resolver receives a TC=1 reply from a configured name server, it
will attempt to fetch the answer over TCP. If the TCP connection fails, the
stub resolver proceeds along the search path, instead of failing the query due
to the network failure. This means that a brief name server outage can lead to
vastly different name resolution results, which seems wrong (and very difficult
to debug). The current behavior could turn more problematic once new gTLDs are
in wide use because traditionally, operators avoid using TLD strings as labels
(so a successful resolution on the fallback queries along the search path
appears unlikely at the moment).
This is the second problem observed in this thread:
https://sourceware.org/ml/libc-help/2015-10/msg00012.html
Fixing this bug will not address the reporter's issue because the configured
name server does not support TCP reliably. This bug just fell out of the
analysis of the original report.
Reproduction instructions follow. Make sure that /etc/resolv.conf contains a
âsearch directiveâ. Disable TCP connections to the name servers with:
# iptables -I OUTPUT -p tcp --dport 53 -j REJECT --reject-with=tcp-reset
Then run:
$ strace -e sendmmsg -s 500 getent ahosts like-keys.t.enyo.de
Observe how search path entries are appended to the queried domain name.
The following resource records are associated with like-keys.t.enyo.de:
like-keys.t.enyo.de. 600 IN CNAME like-keys-1.t.enyo.de.
like-keys-1.t.enyo.de. 600 IN A 192.0.2.1
like-keys-1.t.enyo.de. 600 IN A 192.0.2.2
like-keys-1.t.enyo.de. 600 IN A 192.0.2.3
like-keys-1.t.enyo.de. 600 IN A 192.0.2.4
like-keys-1.t.enyo.de. 600 IN A 192.0.2.5
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::1
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::10
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::2
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::3
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::4
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::5
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::6
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::7
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::8
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::9
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::a
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::b
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::c
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::d
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::e
like-keys-1.t.enyo.de. 600 IN AAAA 2001:db8::f
--
You are receiving this mail because:
You are on the CC list for the bug.