This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/19646] New: DNS lookup over TCP is unreliable


https://sourceware.org/bugzilla/show_bug.cgi?id=19646

            Bug ID: 19646
           Summary: DNS lookup over TCP is unreliable
           Product: glibc
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: vapier at gentoo dot org
  Target Milestone: ---

As described by Carlos in resolv/res_send.c:

The send_vc function is responsible for sending a DNS query over TCP to the
nameserver numbered NS from the res_state STATP i.e. EXT(statp).nssocks[ns].
The function supports sending both IPv4 and IPv6 queries at the same time
serially on the same socket.

Please note that for TCP there is no way to disable sending both queries,
unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP and sends the queries
serially and waits for the result after each sent query.  This implementation
should be corrected to honor these options.

Please also note that for TCP we send both queries over the same socket one
after another.  This technically violates best practice since the server is
allowed to read the first query, respond, and then close the socket (to service
another client).  If the server does this, then the remaining second query in
the socket data buffer will cause the server to send the client an RST which
will arrive asynchronously and the client's OS will likely tear down the socket
receive buffer resulting in a potentially short read and lost response data. 
This will force the client to retry the query again, and this process may
repeat until all servers and connection resets are exhausted and then the query
will fail.  It's not known if this happens with any frequency in real DNS
server implementations.  This implementation should be corrected to use two
sockets by default for parallel queries.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
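
The single-socket failure described in the quoted comment, next to the two-socket behaviour it asks for, as an added example (not glibc code and not part of the original report). It assumes a constructed loopback server that answers one length-prefixed query per TCP connection and then closes; the payloads are placeholder bytes rather than real DNS messages, and all function names are hypothetical.

```python
import socket
import struct
import threading

def recv_exact(sock, n):
    """Read exactly n bytes; None if the peer closes or resets first."""
    buf = b""
    while len(buf) < n:
        try:
            chunk = sock.recv(n - len(buf))
        except OSError:          # e.g. ECONNRESET after the server's RST
            chunk = b""
        if not chunk:
            return None
        buf += chunk
    return buf

def read_msg(sock):
    """One DNS-over-TCP frame: 2-byte big-endian length, then the message."""
    hdr = recv_exact(sock, 2)
    return recv_exact(sock, struct.unpack("!H", hdr)[0]) if hdr else None

def frame(payload):
    return struct.pack("!H", len(payload)) + payload

def one_shot_server(listener, connections):
    """Constructed server: answer ONE query per connection, then close."""
    for _ in range(connections):
        conn, _ = listener.accept()
        with conn:               # closing with unread data queued triggers an RST
            query = read_msg(conn)
            if query is not None:
                conn.sendall(frame(b"answer:" + query))

def lookup(queries, share_socket):
    """Return the answers received. Payloads are placeholders, not real DNS."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    # share_socket=True: every query on one connection, as the report describes.
    # share_socket=False: one connection per query, as the report proposes.
    batches = [queries] if share_socket else [[q] for q in queries]
    server = threading.Thread(target=one_shot_server, args=(listener, len(batches)))
    server.start()
    answers = []
    for batch in batches:
        with socket.create_connection(("127.0.0.1", port)) as s:
            s.sendall(b"".join(frame(q) for q in batch))
            got = [read_msg(s) for _ in batch]
            answers += [m for m in got if m is not None]
    server.join()
    listener.close()
    return answers
```

With a shared socket the second answer never arrives, and whether the first one survives depends on when the reset reaches the client.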
