A bug in resolver (getaddrinfo)?? Unqualified lookups
From: Chris Cox (ccox_nopenotthis_at_airmail.net)
Date: 03/26/04
- Next message: Timur Tabi: "Obtaining the "ps ax" pid from a thread?"
- Previous message: Kasper Dupont: "Re: Unknown kernel mode CPU thief in SMP system."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 26 Mar 2004 15:39:55 -0600
See attached code.
The problem I'm seeing is that getaddrinfo on unqualified
addresses looks for the A record using the unqualified
name even with a search. Since the unqualified name
is going to fail, it goes to the next nameserver in
the search list...which fails, etc... finally it goes
back and tries appending the entries from the search
option in resolv.conf.
This sounds like a bug to me.
This means that a mandatory query of all nameservers
is made for any unqualified lookup before doing a
potentially successful query with the search list.
Consider a resolv.conf:
nameserver 204.96.212.12
nameserver 199.1.7.10
search internal.local
And /etc/nsswitch.conf
hosts: files dns
If we ssh or telnet to the host called linux:
getaddrinfo inside of telnet (or ssh) will look for
"linux" inside of /etc/hosts first, then
204.96.212.12... which will
fail, then it tries "linux" inside of 199.1.7.10.
THEN, it tries "linux.internal.local" inside of
204.96.212.12 and assuming the server is up, that
one will respond.
In my opinion, the search for the unqualified
name should only happen through /etc/hosts and
when querying the DNS name servers, the search
list should always be tried.
Thus I expect:
Search for "linux" in /etc/hosts,
search for "linux.internal.local" in 204.96.212.12
and if necessary search "linux.internal.local"
in 199.1.7.10.
According to the resolv.conf man page:
search Search list for host-name lookup. The search list
is normally determined from the local domain name;
by default, it contains only the local domain name.
This may be changed by listing the desired domain
search path following the search keyword with
spaces or tabs separating the names. Most resolver
queries will be attempted using each component of
the search path in turn until a match is found.
Note that this process may be slow and will gener
ate a lot of network traffic if the servers for the
listed domains are not local, and that queries will
time out if no server is available for one of the
domains.
Note, this problem happens regardless of your setting
of the ndots option.. the unqualified name is always
queried through all name servers first.
As it stands, EVERY unqualified lookup goes and
queries every name server for the unqualified
name and wastes time doing so... and it's a real
pain if the second DNS server is down (this is
how we discovered this problem)... lookups will
take a very long time because it will attempt
queries to the dead host.
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
int main(argc, argv)
char* argc;
char* argv[];
{
struct addrinfo hints;
struct addrinfo *res;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
getaddrinfo(argv[1],"telnet",&hints,&res);
printf("%s\n",res->ai_canonname);
freeaddrinfo(res);
}
- Next message: Timur Tabi: "Obtaining the "ps ax" pid from a thread?"
- Previous message: Kasper Dupont: "Re: Unknown kernel mode CPU thief in SMP system."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
