Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.

To: Mike Przybylski <mike.przybylski@appdynamics.com>
Cc: 960739@bugs.debian.org
Subject: Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun, 17 May 2020 00:45:13 +0200
Message-id: <[🔎] 20200516224513.GC2448@aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 960739@bugs.debian.org
In-reply-to: <[🔎] 94E4886C-4700-44B3-8D69-6327FDFE718F@appdynamics.com>
References: <[🔎] 158960307863.9098.7671752556231700959.reportbug@sandbox> <[🔎] 20200516121136.GC734570@aurel32.net> <[🔎] 94E4886C-4700-44B3-8D69-6327FDFE718F@appdynamics.com> <[🔎] 158960307863.9098.7671752556231700959.reportbug@sandbox>

Hi Mike,

On 2020-05-16 10:57, Mike Przybylski wrote:
> Hi, Aurelien,
> 
> Thank you for looking into this.  I really appreciate it.
> 
> > Which nameserver do you use?
> 
> Google DNS ( 8.8.8.8 and 8.8.4.4 )
> 
> > As the answer is probably large, it might
> > be interesting to check if it supports TCP connections as a fallback.
> > Alternative you might want to enable edns0 if it's not already done.
> 
> I will definitely look into that.
> 
> > Could you try with other nameservers, there are many public DNS servers
> > available to test.
> 
> I’m sorry that I didn’t think of that.  Everything works fine with OpenDNS ( 208.67.222.222 and  208.67.220.220 ).
> 
> > Finally would it be possible to get a tcpdump trace of the issue? That
> > would likely help to understand the issue.
> 
> Please see the attached pcap file.

Thanks a lot for the pcap file. I got a look at it, and there is indeed
something fishy:
- 10.0.2.15 asks 8.8.8.8/UDP for A download.docker.com (query 0xd009)
- 10.0.2.15 asks 8.8.8.8/UDP for AAAA download.docker.com (query 0x710a)
- 8.8.8.8 answers query 0xd009
- 8.8.8.8 answers query 0x710a but marks it as truncated as it it too
  big.

Up to there all looks normal. As expected the AAAA query 0x710a is
retried using TCP:
- 10.0.2.15 asks 8.8.8.8/TCP for AAAA download.docker.com (query 0x710a)
- 8.8.8.8 answers to query *0xd009* with the *A* records. This is
  totally unexpected.

The glibc resolvers therefore retries with the second name server:
- 10.0.2.15 asks 8.8.8.4/TCP for AAAA download.docker.com (query 0x710a)
- 8.8.8.4 answers to query *0xd009* with the *A* records, the same way
  as 8.8.8.8. This is again totally unexpected.

As both TCP queries failed, glibc concludes there is a server error.

I have no idea what could explain that, it seems there is something
between the Google DNS servers and you host mangling the answers. I
noticed that the IP of your host is 10.0.2.15. Could it be a QEMU or
Virtualbox VM running with the user mode network stack?

Regards,
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

Follow-Ups:
- Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
  - From: Mike Przybylski <mike.przybylski@appdynamics.com>

References:
- Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
  - From: Michael Przybylski <mikeprz@cisco.com>
- Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
  - From: Mike Przybylski <mike.przybylski@appdynamics.com>

Prev by Date: Processed: Bug#960783 marked as pending in tzdata
Next by Date: [Git][glibc-team/glibc][glibc-2.31] debian/debhelper.in/libc.NEWS: add an entry explaining the new trust-ad option in resolv.conf.
Previous by thread: Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
Next by thread: Bug#960739: libc-bin: getaddrinfo() fails with EAI_AGAIN when the DNS query returns a large number of A and AAAA records.
Index(es):
- Date
- Thread