From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11975 Path: news.gmane.org!.POSTED!not-for-mail From: Srinivasa Raghavan Newsgroups: gmane.linux.lib.musl.general Subject: Re: DNS resolution happenning only after timeout Date: Wed, 4 Oct 2017 19:18:10 +0530 Message-ID: References: <20170928102854.GI15263@port70.net> <20170928165528.GA1627@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a113e3cb0c736cd055ab8db35" X-Trace: blaine.gmane.org 1507124910 23890 195.159.176.226 (4 Oct 2017 13:48:30 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 4 Oct 2017 13:48:30 +0000 (UTC) To: musl@lists.openwall.com, dalias@libc.org Original-X-From: musl-return-11988-gllmg-musl=m.gmane.org@lists.openwall.com Wed Oct 04 15:48:26 2017 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1dzk26-00056s-WC for gllmg-musl@m.gmane.org; Wed, 04 Oct 2017 15:48:19 +0200 Original-Received: (qmail 20058 invoked by uid 550); 4 Oct 2017 13:48:24 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 20029 invoked from network); 4 Oct 2017 13:48:23 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Nm8dAd0JYxIJxF824dwZ5tM5k5RLDIqou7JE2XC8HFQ=; b=ilBkhnDP/4tqQwWYXGMK2OhpyI7dMbYURd/pX5Lyd67P6p/KwQ5Sq3DJ1JQWj9UrFo 6ZGwlw8//Yu11tSPyPW+whx1na8RYd5RmqFxP7ZrzJZZbPEG1N/EipOc+/frcf2ywaR9 jbnroGDmBqNqt9bE9OZvwHpmOkTFnul75cWrkmGI90S+lNO2bnGUOT5WIkX2byGuofDp sz8DkHzx4DKlWYjQuuZl+9QdVNbxN2Mko+uUAvuCjGCiKTRU/om5GjIRpd7Cu92rjYFt uOIooaDPvG6Fjw6OLW0lrVfbsIt+GBleoZoh56xlEiNzLrky5hDuyfAz/Vp7O+lg3z42 mZDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Nm8dAd0JYxIJxF824dwZ5tM5k5RLDIqou7JE2XC8HFQ=; b=KLH/pIlQd5qxWGJgMyebnVRISxCS2xsLnVjGi3a15Roo0dJ+RstaBwCF4+RJbhht7d suBeDd6w8sQjLGk6nA719INcCw40hxOMp8e5zEpgJKc9Wxk5PPzC8cR7S7DTMtmQyrq3 nEvsP7POayD0TqTaikj8R9ICD7de3rtvnmtfS2qZy5amki5twfVa3Ropdn0OOcY/K5sS UAEg2erYP0jL2Y+Ol5zJv8uBadRpXSnQ2b7j4SBs0vpn3KFJ4fDriumQGoiS6Qsr+p25 1cmlCkVEBaygbBSytYqGQLbYP+rvTG+Uzitkze64Xl9WS+CfBf+L1lIcrK/oLtyu02Xl I+Ag== X-Gm-Message-State: AMCzsaUNkaAvQYE+si/ystNZ5BySh0EoxpaJNmhoklnCqC7h8FrDRs20 mA5HXotHuqHLbtSN+cH8wELlLLQI44Vh/+DMsZpsrQ== X-Google-Smtp-Source: AOwi7QA9lW9yCvcbfG9JlLpMjdQ5yYmtp7B2AdPWa5X0wZ/V98CxnhCTHzN6glZJ8aE3K+jwHsH+mewE1d75QeQ29KE= X-Received: by 10.37.72.131 with SMTP id v125mr4004000yba.12.1507124891299; Wed, 04 Oct 2017 06:48:11 -0700 (PDT) In-Reply-To: <20170928165528.GA1627@brightrain.aerifal.cx> Xref: news.gmane.org gmane.linux.lib.musl.general:11975 Archived-At: --001a113e3cb0c736cd055ab8db35 Content-Type: text/plain; charset="UTF-8" Hi Rich, Thanks for the reply. Some updates: 1. Our DNS server is "Infoblox appliance". 2. When we had a delay, we found that there was a "AAAA" query along with "A" query. I did further debugging with "tcpdump" and able to narrow down on the difference in behavior between "debian" and "alpine" images. In debian: If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 = 1) Then the "nslookup" (or name resolution) does *not* do a "AAAA" query In alpine: If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 = 1) Then the "nslookup" (or name resolution) does an "AAAA" query along with "A" query Is this intentional? Also, I was wondering if there was any way to disable AAAA query in name resolution? Kind Regards, Srinivasa Raghavan. On Thu, Sep 28, 2017 at 10:25 PM, Rich Felker wrote: > On Thu, Sep 28, 2017 at 12:28:55PM +0200, Szabolcs Nagy wrote: > > * Srinivasa Raghavan [2017-09-28 15:45:28 +0530]: > > > When using "Alpine" docker image which uses musl-libc, we are facing > delay > > > when we do operations like below in our production environment, > > > 1. ping > > > 2. nslookup > > > 3. traceroute > > > 4. http request from node.js > > > > > > > this bug may be related: > > https://github.com/rancher/rancher/issues/9961 > > Yes, I just filed it after reading the discussion on IRC and this bug > report that was linked as describing similar behavior: > > https://github.com/rancher/rancher/issues/4177#issuecomment-332571951 > > This really requires a fix on the rancher-dns side. I'm not sure > exactly what glibc is doing, but it couldn't be giving the behavior > you want without doing something wrong: it's falling back and trying > different search domains when it hasn't been told that the first one > doesn't exist, only that the nameserver is experiencing a problem. > > Rich > --001a113e3cb0c736cd055ab8db35 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Rich,

Thanks for the reply.

=
Some updates:
1. Our DNS server is "Infoblox ap= pliance".
2. When we had a delay, we found t= hat there was a "AAAA" query along with "A" query.

I did further debugging with "tcpdu= mp" and able to narrow down on the difference in behavior between &quo= t;debian" and "alpine" images.

In d= ebian:
If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 =3D 1)
Then the "nslookup" (or name resolution) does not= do a "AAAA" query

In alpine:
If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 =3D= 1)
Then the "nslookup" (or name resoluti= on)=C2=A0does an "AAAA" query along with "A" query

Is this intentional?

Also, I = was wondering if there was any way to disable AAAA query in name resolution= ?

Kind Regards,
Srinivasa Raghavan.

On Thu, Sep 28, 2017 at 10:25 PM= , Rich Felker <dalias@libc.org> wrote:
On Thu, Sep 28, 2017 at 12:28:55PM +0200, Sza= bolcs Nagy wrote:
> * Srinivasa Raghavan <raghav= 135@gmail.com> [2017-09-28 15:45:28 +0530]:
> > When using "Alpine" docker image= which uses musl-libc, we are facing delay
> > when we do operations like below in our production environment, > > 1. ping <name>
> > 2. nslookup <name>
> > 3. traceroute <name>
> > 4. http request from node.js
> >
>
> this bug may be related:
> https://github.com/rancher/rancher/issues/99= 61

Yes, I just filed it after reading the discussion on IRC and this bug
report that was linked as describing similar behavior:

https://github.com/rancher/rancher/issues/4177#issuecomment-332571951

This really requires a fix on the rancher-dns side. I'm not sure
exactly what glibc is doing, but it couldn't be giving the behavior
you want without doing something wrong: it's falling back and trying different search domains when it hasn't been told that the first one doesn't exist, only that the nameserver is experiencing a problem.

Rich

--001a113e3cb0c736cd055ab8db35--