Hi,

On Tue, 2015-02-10 at 14:39 -0800, Hiro Sugawara wrote:
> 1.26 src/dnsproxy.c fails to process (probably CNAME) answers from 
> certain types of external DNS servers, and thus it cannot resolve 
> host-only queries such as "www" at all or at least correctly depending 
> on the answer content and format. If the default domain list has 
> "company.com," it is expected to be resolved as if it were a 
> "www.company.com" query, but dnsproxy cannot perform this with certain 
> types of external DNS servers.
> 
> This may be related to the following threads:
> https://lists.connman.net/pipermail/connman/2014-July/017338.html
> https://lists.connman.net/pipermail/connman/2014-July/017340.html
> https://lists.connman.net/pipermail/connman/2014-July/017346.html
> 
> I found answer messages from two versions of BIND fail in different modes:
> 
> BIND 9.3.2's answer is misjudged as a "Corrupted packet" probably 
> because strip_domain() unexpectedly encounters a compressed label (i.e. 
> 0xc000+offset) (in an NS record?).
>
> BIND 9.7.3's answer is ignored and discarded because it contains a 
> dns_type of ns_t_ns, which uncompress() ignores and discards.
> 
> Both of the Linux BIND servers above have been in production use for 
> several years with no unhappy resolvers (except connmand) as far as I know.

Thanks for noticing this, and sorry for the slow reply. Can you provide
a packet dump readable by tcpdump/wireshark for both these so we can fix
the code?

> I found a corporate Windows DNS server is compatible with connman-1.26 
> and partial domains are resolved expectedly.

Ok.

> Furthermore, ns_resolv() appends search domains and submits additional 
> queries only if the original query is for a single-label partial domain 
> such as "www." This seems to disagree with glibc getaddrinfo(3) with 
> resolv.conf having a domain/search directive, which always submits 
> queries for the original and domain-appended domains to the external DNS 
> server(s) regardless of the original query (multi- or single-label). 
> This appears more reasonable for resolving multi-label partial domains 
> such as "host.zone" with a default domain of "company.com." I notice 
> that getaddrinfo(3) even submits "www.company.com" and 
> "www.company.com.company.com" queries if the original query is for 
> "www.company.com" (i.e. FQDN) and resolv.conf's domain/search directive 
> has "company.com" in its list.

This can perhaps also be worked on unless there is some RFC or similar
that recommends otherwise. Is this an issue or just an observation?

> The attached Quick-n-Dirty(TM) patch, when proxy failures mentioned 
> above are detected, makes connmand fall back to nodnsproxy mode and 
> rewrites resolv.conf so that resolvers will later query directly to 
> external DNS servers (proxy mode is preferred and the default, if 
> possible, for its internal cache).

That may work, but isn't what we really want. If you can provide the
packet dumps of said nameserver replies, we'll try to get this fixed.
After that we'll try to have you verify the fix :-)


Cheers,

        Patrik

_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
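
Added example, not part of the original thread and not connman's code: the BIND 9.3.2 failure above is attributed to a name parser meeting a compressed label (0xc000+offset), so this sketch shows a bounds-checked way to expand such a name, as RFC 1035 defines compression. The function name `dns_expand_name`, the 16-jump limit and the `sample` bytes are assumptions made for illustration; the sample is constructed, not a capture from either server.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample (not a capture): 12-byte header, "company.com" at
 * offset 12, "ns1" + pointer 0xC00C at offset 25, self-pointer at 31. */
const uint8_t sample[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    7,'c','o','m','p','a','n','y', 3,'c','o','m', 0,
    3,'n','s','1', 0xC0,0x0C,  0xC0,0x1F
};

/* Hypothetical helper, not connman's code. Expands the name at msg[off] into
 * dotted text; returns bytes the name occupies at off, or -1 if malformed. */
int dns_expand_name(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, used = 0;
    int consumed = -1, jumps = 0;
    for (;;) {
        if (pos >= msg_len)
            return -1;
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {   /* compression pointer */
            if (pos + 1 >= msg_len)
                return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0)         /* name ends here in the record */
                consumed = (int)(pos + 2 - off);
            if (target >= pos || ++jumps > 16)  /* backwards only, bounded */
                return -1;
            pos = target;
            continue;
        }
        if (len & 0xC0)               /* 0x40 and 0x80 are reserved */
            return -1;
        if (len == 0) {               /* root label ends the name */
            if (used >= out_len)
                return -1;
            out[used] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        }
        if (pos + 1 + len > msg_len || used + len + 2 > out_len)
            return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + pos + 1, len);
        used += len;
        pos += 1 + len;
    }
}
```

The return value is the length of the name in place (6 bytes for the `ns1` record in the sample), which is what lets a caller step to the next field of an NS or CNAME record after a pointer has been followed.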