From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 13705 invoked from network); 11 Jul 2022 00:09:07 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 11 Jul 2022 00:09:07 -0000 Received: (qmail 9335 invoked by uid 550); 11 Jul 2022 00:09:03 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 9294 invoked from network); 11 Jul 2022 00:09:02 -0000 Date: Sun, 10 Jul 2022 20:08:47 -0400 From: Rich Felker To: Felix Tailor Cc: "musl@lists.openwall.com" Message-ID: <20220711000846.GX7074@brightrain.aerifal.cx> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] resolv.conf misconfiguration, Round-Robin bug in musl or something else? On Thu, Jul 07, 2022 at 06:16:41PM +0000, Felix Tailor wrote: > Hello, > > I have encountered an issue when trying to resolve hosts that have > multiple IPv4 addresses: I get the same IPv4 address for the host. I > use ping or wget from busybox, which is linked against musl. > > The issue occurs when there are IPv4 and IPv6 nameservers in > resolv.conf. If I leave only one nameserver (IPv4 or IPv6), I get > different IPv4 values (Round-Robin) as expected. > > To reproduce this issue: > > 1. Install Docker and enable IPv6: https://docs.docker.com/config/daemon/ipv6/ > > 2. Execute: > > > docker run --rm -it alpine:3.16.0 sh > > apk add --no-cache dnsmasq > > cat </etc/resolv.conf > nameserver 127.0.0.1 > nameserver ::1 > EOF > > cat </etc/dnsmasq.conf > addn-hosts=/etc/addn-hosts > local=/lan/ > EOF > > cat </etc/addn-hosts > 127.1.1.1 local.lan > 127.2.2.2 local.lan > EOF > > dnsmasq -C /etc/dnsmasq.conf -d & > > i=0; while [ $i -lt 3 ]; do ping -qc1 local.lan; i=$((i+1)); done > > > PING local.lan (127.1.1.1) 56(84) bytes of data. > > --- local.lan ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.006/0.006/0.006/0.000 ms > PING local.lan (127.1.1.1) 56(84) bytes of data. > > --- local.lan ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.004/0.004/0.004/0.000 ms > PING local.lan (127.1.1.1) 56(84) bytes of data. > > --- local.lan ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.004/0.004/0.004/0.000 ms > > > Ping always returns the same IPv4 address, but with nslookup different IPv4 addresses are returned, so Round-Robin seems to work: > > > root@eb8d4fb49d34:/# nslookup local.lan > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Name: local.lan > Address: 127.1.1.1 > Name: local.lan > Address: 127.2.2.2 > > root@eb8d4fb49d34:/# nslookup local.lan > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Name: local.lan > Address: 127.2.2.2 > Name: local.lan > Address: 127.1.1.1 > > root@eb8d4fb49d34:/# nslookup local.lan > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Name: local.lan > Address: 127.1.1.1 > Name: local.lan > Address: 127.2.2.2 > > > Questions: > 1. Why is Round-Robin not working with musl for hosts with multiple > IPv4 addresses when using multiple different IP protocol nameservers > in resolv.conf? The round-robin order cycles each time a query is answered, and when the nameserver is repeated twice, it's queried twice for each call to the musl stub resolver (both in parallel), and since there are only two records to round-robin cycle, the square of the 2-cycle is the identity. > 2. Is it reasonable to have multiple different IP protocol > nameservers for localhost in resolv.conf? No, there is no reason to list more than one address for the same nameserver unless they correspond to different routes to it, where one may be down but the other up. Is there a reason you thought you needed to do this? That may point to some other misconception you should check out. > 3. Is replacing the contents of resolv.conf in this example with > 'nameserver localhost' a viable solution? No, you cannot use names in place of IP literals here. That would introduce a circular dependency (on resolving the name).