On 27.10.2015 15:49, Pasi Sjöholm wrote:
> On 27.10.2015 15:00, SpiderX wrote:
>> This was fixed once (see commit
>> http://git.kernel.org/cgit/network/connman/connman.git/commit/src/dnsproxy.c?h=1.30&id=0439194ed0c5a90f61dbef86d9a51307764da2d7),
>> but then was refactored in later commits

Technically that commit is still working but the thing is that the
uncompress() and forward_dns_reply() are not able to handle few special

> I'm able to reproduce the issue. However it seems that connman's
> dnsproxy properly caches the response, so if I do "host -v -t a bz"
> immediately after the first query there will be a proper response.

Ok, it's not ConnMan's cache from where the response comes correctly on
the next time. The issue is:

1) Some upstream DNS-servers add details in the Authority and additional
sections of the reply when being queried. Eg. dnsmasq does this on this
on replies not coming from it's cache but for ones coming from the cache
it replies only the asked records.

First query:

host -t a -v bz.siirappi.com

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31498
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;bz.siirappi.com.               IN      A

bz.siirappi.com.        60      IN      A

siirappi.com.           3367    IN      NS      ns2.afraid.org.
siirappi.com.           3367    IN      NS      ns1.siirappi.com.

ns1.siirappi.com.       60      IN      AAAA    2001:41d0:8:196a::2
ns2.afraid.org.         67      IN      A
ns2.afraid.org.         67      IN      AAAA    2607:f0d0:3001:92::2

Second query (from cache):

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53006
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;bz.siirappi.com.               IN      A

bz.siirappi.com.        53      IN      A

2) As a workaround Google's public DNS-servers seem not to have any
authority / additional sections in their replies. Those should work ok.

3) For me the uncompress() returns null when being asked to uncompress
nscount from the replies and that's enough for it to bail out.


connmand[10470]: src/dnsproxy.c:forward_dns_reply() req 0x18c02b0 dstid
0x8fe0 altid 0x0865 rcode 0
connmand[10470]: src/dnsproxy.c:uncompress() count 1 ptr 0xbe9d2575 end
0xbe9d260b uptr 0xbe9d2128
connmand[10470]: src/dnsproxy.c:uncompress() pos 2 ulen 16 left 1017
name bsiirappicom
connmand[10470]: src/dnsproxy.c:uncompress() count 2 ptr 0xbe9d2585 end
0xbe9d260b uptr 0xbe9d2147
connmand[10470]: src/dnsproxy.c:uncompress() pos 2 ulen 13 left 986
connmand[10470]: src/dnsproxy.c:uncompress() pos 6 ulen 17 left 962
name nssiirappicom
connmand[10470]: src/dnsproxy.c:uncompress() failed dns_class != ns_c_in

So I guess the bug itself is in the uncompress()-function.

JukkaR: can you please help me with this one as you know how the
uncompress() should work?

connman mailing list

Reply via email to