
Bug#373781: resolver fails if CNAME points to A record in non-authoritative domain



On Mon, Feb 07, 2011 at 08:14:38PM +0100, Witold Baryluk wrote:
> Hello all!
> 
> I found a similar problem with CNAME -> AAAA translation, first in ping6
> and traceroute6.
> 
> Original report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612232
> 
> Then I discovered it has a much broader scope
> (wget -6, links -6, rsync -6, ssh -6, traceroute6);
> all were erroring with something like:
> 
> # LC_ALL=C wget -6 -nv debian.mirror.cambrium.nl
> wget: unable to resolve host address `debian.mirror.cambrium.nl'
> # 
> 
> What is different from this bug is that when I do
> "wget -4" or simply "wget" everything works (but of course over IPv4)
> (and similarly for all other tools).
> 
> What is interesting is that I am using maradns, so this can be connected.
> 
> I also added "options inet6" to resolv.conf,
> but the effect is the same in all cases (wget without -4/-6 connects over IPv4,
> which is a bug anyway, as the host has an IPv6 address after CNAME resolution).
> 
> I guess it is a problem with maradns, because after changing resolv.conf to
> 
>     nameserver 217.19.16.130     # IP address of ns1.cambrium.nl.
> 
> all tools started to work correctly, because the server returned everything in a single
> response, in additional sections:
> 
> # host -r -t ANY debian.mirror.cambrium.nl 217.19.16.130
> Using domain server:
> Name: 217.19.16.130
> Address: 217.19.16.130#53
> Aliases: 
> 
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has SOA record ns1.cambrium.nl. postmaster.mirror.cambrium.nl. 1297082265 16384 2048 1048576 2560
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> #
> 
> # fpdns 217.19.16.130
> fingerprint (217.19.16.130, 217.19.16.130): DJ Bernstein TinyDNS 1.05
> #
> 
> 
> but maradns 1.4.x does not:
> 
> # host -t ANY debian.mirror.cambrium.nl MYRESOLVER
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> #
> # host debian.mirror.cambrium.nl MYRESOLVER
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> #  (the last one is of course because host utility performs recursion by itself)
> 
> 
> 
> With deadwood I see no problem:
> 
> OTHERBOX# host -6 -t ANY debian.mirror.cambrium.nl '::1'
> Using domain server:
> Name: ::1
> Address: ::1#53
> Aliases: 
> 
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has SOA record ns1.cambrium.nl. postmaster.mirror.cambrium.nl. 1297082265 16384 2048 1048576 2560
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> OTHERBOX# 
> 
> OTHERBOX# deadwood -h
> Deadwood version 20110116-1
> ...
> #
> 
> I tested a few other recursive servers around, and also BIND 9.x (9.2-9.6)
> looks to have the same problem.
> 
> 
> So it is a problem/issue, but I do not really know yet if this is a bug
> (need to check the specs).
> 
> Question is: shouldn't libc by itself resolve this indirection
> (of course limiting it to one level of CNAME indirection)?

The glibc resolver is not a *recursive* resolver, so it's normal it
doesn't recurse here.

> From the behaviour of libc for IPv4 addresses I will safely assume
> that indeed libc should perform it, and the necessary code for IPv6
> CNAME -> AAAA is missing, but apparently (CNAME -> A) is there.

I may be wrong, but I don't think it handles CNAME for the A case.
You are supposed to point your DNS server to a recursive resolver.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
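
The behaviour discussed in this message, as an added Python example (not part of the original thread and not glibc's code): a client that does not recurse can only use the records one reply contains, so a reply carrying just the CNAME yields no AAAA address. The function names are hypothetical, and both replies are constructed from the names and address quoted above.

```python
import ipaddress, struct
CNAME, AAAA = 5, 28  # RR type codes

def enc(name):  # domain name -> uncompressed DNS labels
    return b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\0"

def build_reply(qname, rrs):  # constructed sample reply: AAAA question + answer RRs
    msg = struct.pack("!6H", 1, 0x8180, 1, len(rrs), 0, 0) + enc(qname) + struct.pack("!HH", AAAA, 1)
    for name, rtype, rdata in rrs:
        msg += enc(name) + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg

def read_name(msg, off):  # -> (name, offset just past it); follows compression pointers
    labels, nxt, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:
            nxt, off = nxt or off + 2, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
            off += 1 + msg[off]
    return ".".join(labels) + ".", nxt or off + 1

def answers(msg):  # [(owner, type, rdata)] from the answer section only
    (qd, an), off, out = struct.unpack("!HH", msg[4:8]), 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        out.append((owner, rtype, read_name(msg, off + 10)[0] if rtype == CNAME else rdata))
        off += 10 + rdlen
    return out

def stub_lookup(msg, qname, max_hops=8):  # follow CNAMEs within ONE reply; [] if incomplete
    rrs, name = answers(msg), qname.lower().strip(".") + "."
    for _ in range(max_hops):
        found = [str(ipaddress.IPv6Address(d)) for o, t, d in rrs if o == name and t == AAAA]
        nxt = [d for o, t, d in rrs if o == name and t == CNAME]
        if found or not nxt:
            return found
        name = nxt[0]
    return []

ALIAS, TARGET = "debian.mirror.cambrium.nl", "mirror.cambrium.nl"  # constructed samples
V6 = ipaddress.IPv6Address("2a02:58:3:2:80::1").packed
CNAME_ONLY = build_reply(ALIAS, [(ALIAS, CNAME, enc(TARGET))])
FULL_CHAIN = build_reply(ALIAS, [(ALIAS, CNAME, enc(TARGET)), (TARGET, AAAA, V6)])
```

`stub_lookup(CNAME_ONLY, ALIAS)` returns an empty list, while `stub_lookup(FULL_CHAIN, ALIAS)` returns the AAAA address, because only the second reply carries the whole chain.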


