This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/19646] New: DNS lookup over TCP is unreliable
- From: "vapier at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 16 Feb 2016 21:00:10 +0000
- Subject: [Bug network/19646] New: DNS lookup over TCP is unreliable
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19646
Bug ID: 19646
Summary: DNS lookup over TCP is unreliable
Product: glibc
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: vapier at gentoo dot org
Target Milestone: ---
As described by Carlos in resolv/res_send.c:
The send_vc function is responsible for sending a DNS query over TCP to the
nameserver numbered NS from the res_state STATP i.e. EXT(statp).nssocks[ns].
The function supports sending both IPv4 and IPv6 queries at the same serially
on the same socket.
Please note that for TCP there is no way to disable sending both queries,
unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP and sends the queries
serially and waits for the result after each sent query. This implementation
should be corrected to honor these options.
Please also note that for TCP we send both queries over the same socket one
after another. This technically violates best practice since the server is
allowed to read the first query, respond, and then close the socket (to service
another client). If the server does this, then the remaining second query in
the socket data buffer will cause the server to send the client an RST which
will arrive asynchronously and the client's OS will likely tear down the socket
receive buffer resulting in a potentially short read and lost response data.
This will force the client to retry the query again, and this process may
repeat until all servers and connection resets are exhausted and then the query
will fail. It's not known if this happens with any frequency in real DNS
server implementations. This implementation should be corrected to use two
sockets by default for parallel queries.
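On the client, the failure described in the comment above appears as a TCP byte stream that ends before both responses have arrived. The following is an added example, not glibc code: it walks the RFC 1035 two-byte length framing of such a stream and reports which of the two queries received a complete response, so the caller knows which one to retry on a fresh socket. The names `scan_tcp_answers` and `put_response` and the sample DNS IDs are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct tcp_scan {
    unsigned answered;  /* bit i set: a complete response for ids[i] was seen */
    int short_read;     /* stream ended inside a length prefix or a message */
    int malformed;      /* length prefix smaller than a DNS header */
};

/* buf: all bytes read from one socket before EOF/ECONNRESET; ids: the two query IDs. */
struct tcp_scan scan_tcp_answers(const uint8_t *buf, size_t len,
                                 const uint16_t ids[2])
{
    struct tcp_scan r = { 0, 0, 0 };
    size_t off = 0;
    while (off < len) {
        if (len - off < 2) { r.short_read = 1; break; }
        size_t mlen = ((size_t)buf[off] << 8) | buf[off + 1];
        if (mlen < 12) { r.malformed = 1; break; }  /* below DNS header size */
        if (mlen > len - off - 2) { r.short_read = 1; break; }
        uint16_t id = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        int is_response = buf[off + 4] & 0x80;  /* QR bit of the flags field */
        for (int i = 0; i < 2; i++)
            if (is_response && id == ids[i]) r.answered |= 1u << i;
        off += 2 + mlen;
    }
    return r;
}

/* Constructed sample data: a length-prefixed response with a zeroed body. */
size_t put_response(uint8_t *p, uint16_t id, uint16_t mlen)
{
    memset(p, 0, 2 + (size_t)mlen);
    p[0] = (uint8_t)(mlen >> 8); p[1] = (uint8_t)(mlen & 0xff);
    p[2] = (uint8_t)(id >> 8);   p[3] = (uint8_t)(id & 0xff);
    p[4] = 0x80;  /* QR=1: response */
    return 2 + (size_t)mlen;
}

int main(void)
{
    const uint16_t ids[2] = { 0x1a2b, 0x1a2c };  /* constructed IDs */
    uint8_t s[128];
    size_t n = put_response(s, ids[0], 40);
    n += put_response(s + n, ids[1], 52);
    struct tcp_scan cut = scan_tcp_answers(s, n - 20, ids);  /* torn-down stream */
    printf("answered=%#x short_read=%d\n", cut.answered, cut.short_read);
    return 0;
}
```

A result with `short_read` set or a bit missing from `answered` means the corresponding query has to be sent again; a clean EOF after the first response leaves `short_read` at 0 but still only one bit set.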