Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf

To: Stephen Gran <sgran@debian.org>
Cc: debian-glibc@lists.debian.org, 343140@bugs.debian.org, Gabor Gombas <gombasg@sztaki.hu>, Marco d'Itri <md@Linux.IT>, GOTO Masanori <gotom@sanori.org>
Subject: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
From: Edward Buck <ed@bashware.net>
Date: Fri, 23 Dec 2005 13:21:54 -0800
Message-id: <[🔎] 43AC6A72.4010802@bashware.net>
Reply-to: Edward Buck <ed@bashware.net>, 343140@bugs.debian.org
In-reply-to: <[🔎] 20051223193522.GB26637@www.lobefin.net>
References: <[🔎] 20051215122112.GA14912@boogie.lpds.sztaki.hu> <[🔎] 43A1EE1A.7080204@bashware.net> <[🔎] 20051216001245.GA31300@www.lobefin.net> <[🔎] 43A214B5.7070003@bashware.net> <[🔎] 81fyoofvsz.wl%gotom@sanori.org> <[🔎] 20051220134741.GA7049@wonderland.linux.it> <[🔎] 20051221161042.GC17855@boogie.lpds.sztaki.hu> <[🔎] 20051221170804.GA10456@wonderland.linux.it> <[🔎] 20051223002233.GI14479@boogie.lpds.sztaki.hu> <[🔎] 43AB6836.5060101@bashware.net> <[🔎] 20051223193522.GB26637@www.lobefin.net>

Stephen Gran wrote:

This one time, at band camp, Edward Buck said:

If you read further down the man page:

"ndots:n sets a threshold for the number of dots which must appear in a
name given to res_query() (see resolver(3)) before an initial absolute
query will be made."

There's no ambiguity in the term 'absolute query'.  A lookup for the
IPv6 address example.com.domain.in.search.path is NOT an initial
absolute query no matter how you look at it.


Unless of course you missed the part of the report where the query under
discussion has greater than ndots in it.  The original query under
discussion was mx1.hotmail.com, and ndots was unset, so defaulted to 1.
There are 2 dots in mx1.hotmail.com, so the search order was correctly
used.  That it defaulted to ipv6 first is the only thing really left for
discussion, it seems to me.

The issue is that it defaulted to the IPv6 _family_ first. It's not abug that IPv6 is tried first since RFC's recommend that. And even withthe original query of mx1.hotmail.com, I'm saying that the search orderis _not_ correct. Let's say the search line has:


search domain1.com domain2.com

The correct query order for mx1.hotmail.com (containing 2 dots) should be:

1. mx1.hotmail.com. - AAAA
2. mx1.hotmail.com. - A
3. mx1.hotmail.com.domain1.com. - AAAA
4. mx1.hotmail.com.domain1.com. - A
5. mx1.hotmail.com.domain2.com. - AAAA
6. mx1.hotmail.com.domain2.com. - A

If step 1 or 2 returns a host address, step 3 and later are skipped.

The Debian (or glibc) query order is:

1. mx1.hotmail.com. - AAAA
2. mx1.hotmail.com.domain1.com. - AAAA
3. mx1.hotmail.com.domain2.com. - AAAA
4. mx1.hotmail.com. - A
5. mx1.hotmail.com.domain1.com. - A
6. mx1.hotmail.com.domain2.com. - A

With Debian's query order, mx1.hotmail.com exists as an A record yet thesystem doesn't check until it has already done 3 queries, 2 of which donot qualify as an 'initial absolute query'.

The bug is not just limited to those who use the search line. If yourresolv.conf contains 'domain ...', e.g.


domain example.com
nameserver x.x.x.x
nameserver y.y.y.y

Then a query of mx1.hotmail.com will ALWAYS yield:

1. mx1.hotmail.com. - AAAA
2. mx1.hotmail.com.example.com. - AAAA (extraneous)
3. mx1.hotmail.com. - A

In other words, Debian's networking already starts at a disadvantage(doing extra queries) as long as you use _either_ 'search' or 'domain'in /etc/resolv.conf.


Regards,
Ed

Reply to:

Follow-Ups:
- Re: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Gabor Gombas <gombasg@sztaki.hu>

References:
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Edward Buck <ed@bashware.net>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Stephen Gran <sgran@debian.org>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Edward Buck <ed@bashware.net>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: GOTO Masanori <gotom@sanori.org>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: md@Linux.IT (Marco d'Itri)
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: md@Linux.IT (Marco d'Itri)
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Edward Buck <ed@bashware.net>
- Re: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: Bug#344563: nscd: cache.c:335: prune_cache: Assertion `dh->usable' failed.
Next by Date: Re: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
Previous by thread: Re: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
Next by thread: Re: Bug#343140: libc6: resolver always checks search list in /etc/resolv.conf
Index(es):
- Date
- Thread