[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#663948: Wrong resolver behavior (ipv6) after squeeze point release

Package: libc6
Version: 2.11.3-3
Severity: important
Tags: squeeze ipv6

After last glibc6 update 2.11.2-10 -> 2.11.3-2 resolver changed its behavior.

My setup (nothing strange):
ipv6 enabled, but no special settings for it and my local DNS zone has only A records.

How 2.11.2-10 works:
When I type
$ getent hosts mailsrv
it get domain name from /etc/resolv.conf and do the following requests:

12:00:56.678524 IP standvm-squeeze.lvknet.33570 > ns.lvknet.domain: 41768+ AAAA? mailsrv.lvknet. (32)
12:00:56.679161 IP ns.lvknet.domain > standvm-squeeze.lvknet.33570: 41768* 0/1/0 (76)
12:00:56.679478 IP standvm-squeeze.lvknet.50893 > ns.lvknet.domain: 16915+ A? mailsrv.lvknet. (32)
12:00:56.679857 IP ns.lvknet.domain > standvm-squeeze.lvknet.50893: 16915* 1/1/1 A (81)

Ok, It tries ipv6 first, I dont need this, but no problem, at least my dns server knows the answer.

But after upgrade to 2.11.3-2 it's behavior changed:

11:19:42.200667 IP standvm-squeeze.lvknet.54095 > ns.lvknet.domain: 17176+ AAAA? mailsrv.lvknet. (32)
11:19:42.201110 IP ns.lvknet.domain > standvm-squeeze.lvknet.54095: 17176* 0/1/0 (76)
11:19:42.201228 IP standvm-squeeze.lvknet.48952 > ns.lvknet.domain: 2218+ AAAA? mailsrv. (25)
11:19:42.202883 IP ns.lvknet.domain > standvm-squeeze.lvknet.48952: 2218 NXDomain 0/1/0 (100)
11:19:42.203028 IP standvm-squeeze.lvknet.54867 > ns.lvknet.domain: 364+ A? mailsrv.lvknet. (32)
11:19:42.203337 IP ns.lvknet.domain > standvm-squeeze.lvknet.54867: 364* 1/1/1 A (81)

It tries fqdn for ipv6 address, then just hostname without domain for ipv6 and
only after that it asks for ipv4 address.

I don't know why did upstream do this, but I see at least two problems:

My DNS server knows my zone (lvknet. in my case), but when someone asks him for hostname. it will
translate this request to my provider's DNS server (I use bind whith forward in my settings, nothing strange).

1.My provider will see every hosts request withing my network. This is security flow, I'm sure.
2.If I have connectivity problem with my provider,
$ getent hosts validhostnamemyDNSserverknowsabout
will hang for about a minute.

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin                      2.11.3-3   Embedded GNU C Library: Binaries
ii  libgcc1                       1:4.4.5-8  GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686                    2.11.3-3   Embedded GNU C Library: Shared lib

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]   Debian configuration management sy
pn  glibc-doc                     <none>     (no description available)
ii  locales                       2.11.3-3   Embedded GNU C Library: National L

-- debconf information:
* glibc/restart-services: cron
  glibc/upgrade: true

Reply to: