From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11137 Path: news.gmane.org!.POSTED!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: Queries with less than `ndots` dots never lead to resolution using the global namespace if the `search` domains don't work Date: Wed, 15 Mar 2017 08:25:15 -0400 Message-ID: <20170315122515.GD1693@brightrain.aerifal.cx> References: <075030ca6fc64b13be5651fe32c5e770@CHBARSRV1EXCHP1.ANYACCESS.NET> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: blaine.gmane.org 1489580733 8388 195.159.176.226 (15 Mar 2017 12:25:33 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 15 Mar 2017 12:25:33 +0000 (UTC) User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-11152-gllmg-musl=m.gmane.org@lists.openwall.com Wed Mar 15 13:25:28 2017 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1co7zX-0001AL-QT for gllmg-musl@m.gmane.org; Wed, 15 Mar 2017 13:25:23 +0100 Original-Received: (qmail 11441 invoked by uid 550); 15 Mar 2017 12:25:28 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 11417 invoked from network); 15 Mar 2017 12:25:27 -0000 Content-Disposition: inline In-Reply-To: <075030ca6fc64b13be5651fe32c5e770@CHBARSRV1EXCHP1.ANYACCESS.NET> Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:11137 Archived-At: On Wed, Mar 15, 2017 at 10:28:15AM +0000, dominic.chambers@glencore.com wrote: > As you can see from the comments starting here: > > https://github.com/gliderlabs/docker-alpine/issues/8#issuecomment-223901519 > > quite a number of people are finding that the `search` and `domain` support added to musl libc doesn't work in their case. In that same issue I wrote my findings up, here: > > https://github.com/gliderlabs/docker-alpine/issues/8#issuecomment-286561614 > > which I'll duplicate here so that's it's archived on the mailing list: > > [...] > > While I can confirm the second part (queries greater > than `ndots` never fall-back to using search), the first part > (queries smaller than `ndots` fall-back to using an absolute query) > isn't what I observe. > > Using dig on an Ubuntu container and attempting to resolve the > nonsensical query `google.com.default.svc.cluster.local` (simulates > the type of initial query for a short domain that would be > occurring) returns a `QUESTION SECTION` and an `AUTHORITY SECTION`, > but no `ANSWER SECTION`. This should cause musl libc to attempt to > resolve the absolute query (`google.com`) instead, yet it doesn't > seem to based on the final result of the query. This is where your problem lies. A response with an empty answer section is an affirmative answer that the requested name exists but has no records of the requested type (A or AAAA). In this case the answer must be accepted; otherwise results are inconsistent depending on how the query is performed. See the previous discussion of the same topic here: http://www.openwall.com/lists/musl/2017/01/19/4 and commit 0fef7ffac114befc94ab5fa794a1754442dcd531. To fix the problem, whatever local nameserver is returning affirmative no-A-record results for nonexistent domains needs to be fixed to return NxDomain. Rich