Bug#373781: resolver fails if CNAME points to A record in non-authoritative domain
On Mon, Feb 07, 2011 at 08:14:38PM +0100, Witold Baryluk wrote:
> Hello all!
>
> I found similar problem about CNAME -> AAAA translation first in ping6
> and traceroute6.
>
> Original report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612232
>
> Then i disocvered it have much more borader scope
> (wget -6, links -6, rsync -6 , ssh -6, traceroute6)
> all was erroring with something like:
>
> # LC_ALL=C wget -6 -nv debian.mirror.cambrium.nl
> wget: unable to resolve host address `debian.mirror.cambrium.nl'
> #
>
> What is different from this bug is that when i do
> "wget -4" or simply "wget" everything works (but of course over ipv4)
> (and similary for all other tools),
>
> What is interesting I am using maradns, so this can be connected.
>
> I also added "options inet6" to the resolv.conf,
> but effect is the same in all cases (wget without -4/-6 connects over ipv4,
> which is a bug anyway as host have IPv6 addres after CNAME resolution).
>
> I guess it is problem with maradns, becuase after changing resolve.conf to
>
> nameserver 217.19.16.130 # IP address of ns1.cambrium.nl.
>
> all tools started to work correctly, becuase server returned everything in single
> response in additional sections:
>
> # host -r -t ANY debian.mirror.cambrium.nl 217.19.16.130
> Using domain server:
> Name: 217.19.16.130
> Address: 217.19.16.130#53
> Aliases:
>
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has SOA record ns1.cambrium.nl. postmaster.mirror.cambrium.nl. 1297082265 16384 2048 1048576 2560
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> #
>
> # fpdns 217.19.16.130
> fingerprint (217.19.16.130, 217.19.16.130): DJ Bernstein TinyDNS 1.05
> #
>
>
> but maradns 1.4.x do not
>
> # host -t ANY debian.mirror.cambrium.nl MYRESOLVER
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> #
> # host debian.mirror.cambrium.nl MYRESOLVER
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> # (the last one is of course because host utility performs recursion by itself)
>
>
>
> With deadwood i see no problem:
>
> OTHERBOX# host -6 -t ANY debian.mirror.cambrium.nl '::1'
> Using domain server:
> Name: ::1
> Address: ::1#53
> Aliases:
>
> debian.mirror.cambrium.nl is an alias for mirror.cambrium.nl.
> mirror.cambrium.nl has SOA record ns1.cambrium.nl. postmaster.mirror.cambrium.nl. 1297082265 16384 2048 1048576 2560
> mirror.cambrium.nl has address 217.19.16.188
> mirror.cambrium.nl has IPv6 address 2a02:58:3:2:80::1
> OTHERBOX#
>
> OTHERBOX# deadwood -h
> Deadwood version 20110116-1
> ...
> #
>
> I tested few others recursive servers arround and also BIND 9.x (9.2-9.6)
> looks have to have the same problem.
>
>
> So it is problem/issue, but I do not really know yet if this is bug,
> (need to checks specs).
>
> Question is: shouldn't libc by itself resolve this indirection
> (of course limiting it to one level of CNAME indirection)?
The glibc resolver is not a *recursive* resolver, so it's normal it
doesn't recurse here.
> From behaviour of libc for ipv4 addresses I will safely assume
> that indeed libc should perform it, and nacassarly code for ipv6
> CNAME -> AAAA is missing, but apperently (CNAME -> A) is there.
I may be wrong, but I don't don't think it handle CNAME for the A case.
You are supposed to point your DNS server to a recursive resolver.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
Reply to: