From: Dalton Hubble
Date: Wed, 31 Aug 2022 10:33:05 -0700
To: musl@lists.openwall.com
Subject: [musl] musl resolver handling of "search ." in /etc/resolv.conf

Hey folks,

I wanted to flag a possible issue with musl handling of DNS "search ." in /etc/resolv.conf. The easiest way I have to repro and consume musl is starting an alpine or busybox musl container image.

podman run -it docker.io/alpine:3.16.2 /bin/ash

Edit /etc/resolv.conf to the following (note the "." at the end of search):

```
search default.svc.cluster.local .
nameserver 8.8.8.8
options ndots:5
```

```
wget www.google.com
wget: bad address 'www.google.com'
```

Remove the "." from search and wget will work fine again.

https://github.com/coreos/fedora-coreos-tracker/issues/1287 has some great details showing DNS packet capture and a malformed packet.

Broader context is that systemd and recently Kubernetes start adding "search ." to resolv.conf in certain scenarios, which seems to break musl-based resolvers.

- https://github.com/systemd/systemd/pull/17201
- https://github.com/kubernetes/kubernetes/pull/109441
- https://github.com/kubernetes/kubernetes/issues/112135

--
Dalton Hubble
dghubble@gmail.com
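
An added example, not part of the original message: a POSIX sh check that flags a bare "." on `search` lines in a resolv.conf and prints a copy with it removed, which is the workaround the message describes. The function names and the temp-file sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): find and remove a bare "."
# entry on resolv.conf "search" lines. Function names are hypothetical.

# Print the line number of each "search" line that carries a bare "." entry.
root_search_lines() {
    awk '$1 == "search" {
        for (i = 2; i <= NF; i++) if ($i == ".") { print NR; break }
    }' "$1"
}

# Exit 0 when the file has at least one such line.
has_root_search() {
    [ -n "$(root_search_lines "$1")" ]
}

# Write the file to stdout with bare "." entries removed from search lines.
# A search line left with no domains is dropped; all other lines, including
# comments and names that merely end in a dot, pass through unchanged.
strip_root_search() {
    awk '
    $1 == "search" {
        out = "search"; n = 0
        for (i = 2; i <= NF; i++) if ($i != ".") { out = out " " $i; n++ }
        if (n > 0) print out
        next
    }
    { print }' "$1"
}

# Constructed sample: the resolv.conf shown in the message above.
sample=$(mktemp)
printf '%s\n' 'search default.svc.cluster.local .' \
    'nameserver 8.8.8.8' 'options ndots:5' > "$sample"

if has_root_search "$sample"; then
    echo "bare \".\" on search line(s): $(root_search_lines "$sample")"
    echo "--- without it ---"
    strip_root_search "$sample"
fi
rm -f "$sample"
```

Run it against a copy of the container's /etc/resolv.conf rather than the live file, since the runtime may regenerate that file.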