subject:"searchdns does not work in connman 1.30"

Re: searchdns does not work in connman 1.30

2015-10-29 Thread Pasi Sjöholm

On 27.10.2015 15:49, Pasi Sjöholm wrote:
> On 27.10.2015 15:00, SpiderX wrote:
>> This was fixed once (see commit
>> http://git.kernel.org/cgit/network/connman/connman.git/commit/src/dnsproxy.c?h=1.30=0439194ed0c5a90f61dbef86d9a51307764da2d7),
>> but then was refactored in later commits

Technically that commit is still working but the thing is that the
uncompress() and forward_dns_reply() are not able to handle few special
cases.

> I'm able to reproduce the issue. However it seems that connman's
> dnsproxy properly caches the response, so if I do "host -v -t a bz"
> immediately after the first query there will be a proper response.

Ok, it's not ConnMan's cache from where the response comes correctly on
the next time. The issue is:

1) Some upstream DNS-servers add details in the Authority and additional
sections of the reply when being queried. Eg. dnsmasq does this on this
on replies not coming from it's cache but for ones coming from the cache
it replies only the asked records.

First query:

host -t a -v bz.siirappi.com

--cut--
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31498
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;bz.siirappi.com.   IN  A

;; ANSWER SECTION:
bz.siirappi.com.60  IN  A   1.2.3.4

;; AUTHORITY SECTION:
siirappi.com.   3367IN  NS  ns2.afraid.org.
siirappi.com.   3367IN  NS  ns1.siirappi.com.

;; ADDITIONAL
SECTION:http://git.kernel.org/cgit/network/connman/connman.git/tree/src/dnsproxy.c#n2056
ns1.siirappi.com.   60  IN  2001:41d0:8:196a::2
ns2.afraid.org. 67  IN  A   208.43.71.243
ns2.afraid.org. 67  IN  2607:f0d0:3001:92::2
--cut--

Second query (from cache):

--cut--
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53006
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bz.siirappi.com.   IN  A

;; ANSWER SECTION:
bz.siirappi.com.53  IN  A   1.2.3.4
--cut--

2) As a workaround Google's public DNS-servers seem not to have any
authority / additional sections in their replies. Those should work ok.

3) For me the uncompress() returns null when being asked to uncompress
nscount from the replies and that's enough for it to bail out.

(http://git.kernel.org/cgit/network/connman/connman.git/tree/src/dnsproxy.c#n2056)

--cut--
connmand[10470]: src/dnsproxy.c:forward_dns_reply() req 0x18c02b0 dstid
0x8fe0 altid 0x0865 rcode 0
connmand[10470]: src/dnsproxy.c:uncompress() count 1 ptr 0xbe9d2575 end
0xbe9d260b uptr 0xbe9d2128
connmand[10470]: src/dnsproxy.c:uncompress() pos 2 ulen 16 left 1017
name bsiirappicom
connmand[10470]: src/dnsproxy.c:uncompress() count 2 ptr 0xbe9d2585 end
0xbe9d260b uptr 0xbe9d2147
connmand[10470]: src/dnsproxy.c:uncompress() pos 2 ulen 13 left 986
namesiirappicom
connmand[10470]: src/dnsproxy.c:uncompress() pos 6 ulen 17 left 962
name nssiirappicom
connmand[10470]: src/dnsproxy.c:uncompress() failed dns_class != ns_c_in
--cut--

So I guess the bug itself is in the uncompress()-function.

JukkaR: can you please help me with this one as you know how the
uncompress() should work?

Br,
Pasi
___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman

searchdns does not work in connman 1.30

2015-10-27 Thread SpiderX

Hello,

# connmand -v
1.30

Here is current service config:
connmanctl> services ethernet_64315095faf8_cable
/net/connman/service/ethernet_64315095faf8_cable
  Type = ethernet
  Security = [  ]
  State = online
  Favorite = True
  Immutable = False
  AutoConnect = True
  Name = Wired
  Ethernet = [ Method=auto, Interface=enp37s0,
Address=64:31:50:95:FA:F8, MTU=1500 ]
  IPv4 = [ Method=dhcp, Address=10.21.5.154, Netmask=255.255.255.0,
Gateway=10.21.5.250 ]
  IPv4.Configuration = [ Method=dhcp ]
  IPv6 = [  ]
  IPv6.Configuration = [ Method=off ]
  Nameservers = [ 91.193.69.4, 91.193.69.22 ]
  Nameservers.Configuration = [  ]
  Timeservers = [ 10.21.5.250, ntp.time.in.ua, ntp2.time.in.ua,
ntp3.time.in.ua ]
  Timeservers.Configuration = [  ]
  Domains = [ gts.dp.ua ]
  Domains.Configuration = [ gts.dp.ua ]
  Proxy = [ Method=direct ]
  Proxy.Configuration = [  ]
  Provider = [  ]

Domains = [ gts.dp.ua ]. so gts.dp.ua should be appended to dns query.

~ $ host -v nefrit1
Trying "nefrit1"
Host nefrit1 not found: 3(NXDOMAIN)
Received 100 bytes from 127.0.0.1#53 in 0 ms

tcpdump:
# tcpdump -npi enp37s0 port 53
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp37s0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:27:51.032322 IP 10.21.5.154.32905 > 91.193.69.4.53: 51887+ A? nefrit1. (25)
14:27:51.032337 IP 10.21.5.154.32905 > 91.193.69.4.53: 84+ A?
nefrit1.gts.dp.ua. (35)
14:27:51.032345 IP 10.21.5.154.59459 > 91.193.69.22.53: 51887+ A? nefrit1. (25)
14:27:51.032350 IP 10.21.5.154.59459 > 91.193.69.22.53: 84+ A?
nefrit1.gts.dp.ua. (35)
14:27:51.032760 IP 91.193.69.22.53 > 10.21.5.154.59459: 51887 NXDomain
0/1/0 (100)
14:27:51.032773 IP 91.193.69.22.53 > 10.21.5.154.59459: 84* 1/2/2 A
91.193.69.12 (119)
14:27:51.033253 IP 91.193.69.4.53 > 10.21.5.154.32905: 84 1/2/2 A
91.193.69.12 (119)
14:27:51.040717 IP 91.193.69.4.53 > 10.21.5.154.32905: 51887 NXDomain
0/1/0 (100)

So, we have two queries to two nameservers. Two of them have returned
NXDomain, and this result was sent back to a client.
I think this behaviour is wrong, client shouldn't get NXDomain when
other non-nxdomain replies from nameservers exist.

This was fixed once (see commit
http://git.kernel.org/cgit/network/connman/connman.git/commit/src/dnsproxy.c?h=1.30=0439194ed0c5a90f61dbef86d9a51307764da2d7),
but then was refactored in later commits

-
Vladimir Pavljuchenkov
___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman

Re: searchdns does not work in connman 1.30

2015-10-27 Thread Pasi Sjöholm

On 27.10.2015 15:00, SpiderX wrote:
> ~ $ host -v nefrit1
> Trying "nefrit1"
> Host nefrit1 not found: 3(NXDOMAIN)
> Received 100 bytes from 127.0.0.1#53 in 0 ms
>
> So, we have two queries to two nameservers. Two of them have returned
> NXDomain, and this result was sent back to a client.
> I think this behaviour is wrong, client shouldn't get NXDomain when
> other non-nxdomain replies from nameservers exist.
> 
> This was fixed once (see commit
> http://git.kernel.org/cgit/network/connman/connman.git/commit/src/dnsproxy.c?h=1.30=0439194ed0c5a90f61dbef86d9a51307764da2d7),
> but then was refactored in later commits

I'm able to reproduce the issue. However it seems that connman's
dnsproxy properly caches the response, so if I do "host -v -t a bz"
immediately after the first query there will be a proper response.

Though, it would be nice if it would work also when the response is not
in the cache. I will try to check what broke it..

First try:
host -v -t a bz
Trying "bz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44260
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bz.IN  A

Received 20 bytes from 127.0.0.1#53 in 122 ms

Second try:
host -v -t a bz
Trying "bz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26675
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bz.IN  A

;; ANSWER SECTION:
bz. 49  IN  A   1.2.3.4

Received 38 bytes from 127.0.0.1#53 in 7 ms

Br,
Pasi


___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman

Re: searchdns does not work in connman 1.30

searchdns does not work in connman 1.30

Re: searchdns does not work in connman 1.30

3 matches

Site Navigation

Mail list logo

Footer information