From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 19192 invoked from network); 24 Jan 2023 08:54:35 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 24 Jan 2023 08:54:35 -0000 Received: (qmail 19913 invoked by uid 550); 24 Jan 2023 08:54:32 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 19880 invoked from network); 24 Jan 2023 08:54:32 -0000 Date: Tue, 24 Jan 2023 03:54:19 -0500 From: Rich Felker To: Barry Bond Cc: "musl@lists.openwall.com" Message-ID: <20230124085419.GJ4163@brightrain.aerifal.cx> References: <20230118152645.GG4163@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] Re: [EXTERNAL] Re: [musl] Behavior change in getaddrbyname() with AF_UNSPEC On Mon, Jan 23, 2023 at 01:34:10AM +0000, Barry Bond wrote: > I now have more data. The DNS queries are being multcast to a > customer's mDNS server implementation. I don't have source code > access to it. In general, pointing the stub resolver at mDNS is not expected to work. It might work under some conditions if it's pointed *only* at mDNS, but the common thing folks try to do like this is pointing resolv.conf at both a real recursive resolver and mDNS hoping this will yield a unioned namespace, which is not how it works. Doing that really requires a unioning proxy resolver (which can also provide functionality like DNSSEC validation etc if desired). > Its behavior is to correctly respond to "A" requests, but drop > "AAAA" requests completely. > > So ​__res_msend_rc() is sending two request messages out ("A" and > "AAAA"), and getting only 1 response back ("A"). The "AAAA" request > is resent, then times out. That leaves alens[0]==54 and alens[1]==0. > That leads to the EAI_AGAIN return in name_from_dns(). > > RFC 8906 (https://datatracker.ietf.org/doc/rfc8906/) seems relevant: > section 3.1.2 says that it is expected the DNS servers return a > response as if it has no data, for unknown rr types. But that's a > best practice and not a hard requirement. MUSL before the relevant > change was OK with a non-reply to the AAAA request, but now requires > the response. There are lots of things that are perfectly valid for a nameserver to do, but which do not answer the question asked by the stub resolver. And if the question is not answered, it cannot draw any conclusion for what to give the application. Timing out then returning success anyway after the timeout was a bug. It only "worked" for this setup before insomuch as someone was happy with waiting 5 seconds for each query to "succeed". I'm not sure what the right waya to do what they want is because I'm not sure exactly what they're tryng to do, but the old behavior isn't it. Rich