Hi,

we run alpine based docker images in AWS (inside our VPCs). Which
means that we're using dns servers provided by the AWS[1]. The problem
arises when we want to resolve a dns record that yields a large
response, for example:

    $ nslookup eu.data.logs.insight.rapid7.com
    Server: 10.11.12.13
    Address: 10.11.12.13:53

    Non-authoritative answer:
    *** Can't find eu.data.logs.insight.rapid7.com: No answer

    Non-authoritative answer:
    *** Can't find eu.data.logs.insight.rapid7.com: No answer

According to what I managed to find out the reasons are as follows:

* edns0 is not advertised by the resolver
* there is no retry with TCP

Please advise on how we could reconfigure our images so that we're
able to resolve records with lots of RRs with a musl resolver.

1 - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSBehavior.html

--
*The information contained in this message is intended for the addressee
only and may contain classified information. If you are not the addressee,
please delete this message and notify the sender; you should not copy or
distribute this message or disclose its contents to anyone. Any views or
opinions expressed in this message are those of the individual(s) and not
necessarily of the organization. No reliance may be placed on this message
without written confirmation from an authorised representative of its
contents. No guarantee is implied that this message or any attachment is
virus free or has not been intercepted and amended.*

* Bartłomiej Palmowski:

> we run alpine based docker images in AWS (inside our VPCs). Which
> means that we're using dns servers provided by the AWS[1]. The problem
> arises when we want to resolve a dns record that yields a large
> response, for example:

There has been a previous thread on this topic, around this message:

<https://www.openwall.com/lists/musl/2020/04/18/7>

Not sure if anything has changed in the code since then.

Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill

I'm not an expert on this so it's possible that I'm mixing things up,
but from my tests it seems like enabling edns0 extension would help a
great deal with this type of issue. With glibc it is an option in
resolv.conf, I don't see if musl supports this.
On Tue, 3 Nov 2020 at 18:07, Florian Weimer <fweimer@redhat.com> wrote:
>
> * Bartłomiej Palmowski:
>
> > we run alpine based docker images in AWS (inside our VPCs). Which
> > means that we're using dns servers provided by the AWS[1]. The problem
> > arises when we want to resolve a dns record that yields a large
> > response, for example:
>
> There has been a previous thread on this topic, around this message:
>
> <https://www.openwall.com/lists/musl/2020/04/18/7>
>
> Not sure if anything has changed in the code since then.
>
> Thanks,
> Florian
> --
> Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
>
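
A diagnostic sketch for the symptoms discussed in this thread, added here as an example and not code from musl or from any participant: it builds a DNS query with or without an EDNS0 OPT record and reads the TC (truncated) flag from a reply header, which is how a client learns that a UDP answer did not fit. The function names and the sample reply bytes are constructed for illustration.

```python
import socket
import struct

TC_BIT = 0x0200    # header flag: reply was truncated to fit the UDP limit
OPT_TYPE = 41      # EDNS0 OPT pseudo-record (RFC 6891)

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, edns_payload=None, txid=0x1234):
    """Build an A query (qtype=1). If edns_payload is set, append an OPT
    record advertising that many bytes as the acceptable UDP reply size."""
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)      # IN
    opt = b""
    if edns_payload:
        # root owner name, TYPE=OPT, CLASS=payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_payload, 0, 0)
    return header + question + opt

def summarize_reply(reply):
    """Read the fixed 12-byte header of a DNS reply."""
    if len(reply) < 12:
        raise ValueError("short DNS message")
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"truncated": bool(flags & TC_BIT), "rcode": flags & 0x000F,
            "answers": an, "size": len(reply)}

def probe(server, name, edns_payload=None, timeout=3.0):
    """Send one UDP query and summarize the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_payload=edns_payload), (server, 53))
        return summarize_reply(s.recv(65535))

# Constructed sample: header of a reply with QR, TC, RD and RA set, no answers.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

if __name__ == "__main__":
    print(summarize_reply(SAMPLE_TRUNCATED))
```

Calling `probe()` against the configured resolver from inside the container, once with `edns_payload=None` and once with `4096`, shows whether the plain query comes back with `truncated` set and no answers.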