Re: Queries with less than `ndots` dots never lead to resolution using the global namespace if the `search` domains don't work

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Queries with less than `ndots` dots never lead to resolution using the global namespace if the `search` domains don't work
Date: Wed, 15 Mar 2017 13:22:53 -0400	[thread overview]
Message-ID: <20170315172253.GH1693@brightrain.aerifal.cx> (raw)
In-Reply-To: <1e14e4e5bddc41518ff651e4b841c2b1@CHBARSRV1EXCHP1.ANYACCESS.NET>

On Wed, Mar 15, 2017 at 05:10:08PM +0000, dominic.chambers@glencore.com wrote:
> HI Rich,
> 
> I've attached the results from running the following two commands:
> 
>   1. ` strace ./gai3a google.com 2> strace_of_google-com.txt`
>   2. ` strace ./gai3a google.com.default.svc 2> strace_of_google-com-default-svc.txt`
> 
> Is this what you were looking for or can I provide something more useful?

Yes, this works. Here's the problem:

> execve("./gai3a", ["./gai3a", "google.com"], [/* 15 vars */]) = 0
> [...]
> socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
> bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
> sendto(3, "\271\377\1\0\0\1\0\0\0\0\0\0\6google\3com\7default\3"..., 54, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, 16) = 54
> sendto(3, "\341\262\1\0\0\1\0\0\0\0\0\0\6google\3com\7default\3"..., 54, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, 16) = 54
> poll([{fd=3, events=POLLIN}], 1, 2500)  = 1 ([{fd=3, revents=POLLIN}])
> recvfrom(3, "\271\377\201\203\0\1\0\0\0\1\0\0\6google\3com\7default\3"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, [16]) = 147
> recvfrom(3, "\341\262\201\203\0\1\0\0\0\1\0\0\6google\3com\7default\3"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, [16]) = 147
                        ^^^^^^^

This correctly returns NxDomain (the \203 byte). But:

> [...]
> socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
> bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
> sendto(3, "H\244\1\0\0\1\0\0\0\0\0\0\6google\3com\7kubelet\n"..., 64, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, 16) = 64
> sendto(3, "K\266\1\0\0\1\0\0\0\0\0\0\6google\3com\7kubelet\n"..., 64, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, 16) = 64
> poll([{fd=3, events=POLLIN}], 1, 2500)  = 1 ([{fd=3, revents=POLLIN}])
> recvfrom(3, "H\244\205\200\0\1\0\0\0\1\0\0\6google\3com\7kubelet\n"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, [16]) = 100
> recvfrom(3, 0x7fff9c3f83c0, 512, 0, 0x7fff9c3f7e70, [16]) = -1 EAGAIN (Resource temporarily unavailable)
> poll([{fd=3, events=POLLIN}], 1, 2498)  = 1 ([{fd=3, revents=POLLIN}])
> recvfrom(3, "K\266\205\200\0\1\0\0\0\1\0\0\6google\3com\7kubelet\n"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.43.0.10")}, [16]) = 100
                    ^^^^^^^^

Here we see your nameserver returning a RCODE=0 (Success, the \200
byte) reply for google.com.kubelet[...] rather than NxDomain. Sorry I
don't have the full name; you need to pass a larger -s to strace to
get it not to truncate strings. You need to figure out why the
nameserver is claiming this exists; it might be some sort of wildcard
record or just a buggy nameserver (probably some component of
kubernetes).

Rich

next prev parent reply	other threads:[~2017-03-15 17:22 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-15 10:28 dominic.chambers
2017-03-15 12:25 ` Rich Felker
2017-03-15 12:58   ` dominic.chambers
2017-03-15 15:11     ` Rich Felker
2017-03-15 16:58       ` dominic.chambers
2017-03-15 17:10       ` dominic.chambers
2017-03-15 17:22         ` Rich Felker [this message]
2017-03-15 19:26           ` dominic.chambers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170315172253.GH1693@brightrain.aerifal.cx \
    --to=dalias@libc.org \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).