Re: problem with gethostbyaddr() on OBSD 5.4?
Hi Eric, On 02/03/2014 02:00 PM, Robert Urban wrote: Hi Eric, On 02/03/2014 10:48 AM, Eric Faurot wrote: On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote: [I forgot to send this to the list] Hi Eric, On 02/01/2014 11:43 AM, Eric Faurot wrote: The following diff fixes the problems with the example IPs you gave us. - subsequent PTR records are now set as aliases in the hostent - need to accept '/' in dname labels (maybe others?) Since the code differs, I'm guessing your patch is for -current. We're running -stable. Could you possibly supply a patch for that? cheers, Rob Urban Hi, This is the diff against -stable. I've tested the patch, and I cannot reproduce the error. I'm not sure if I was clear above. This patch appears to *fix* my problem. This bug caused my MTA to falsely reject many mails based on FCrDNS. I would have thought the bugfix important enough that an official patch would be made available ASAP. Is there something I'm missing? cheers, Rob Urban
Re: problem with gethostbyaddr() on OBSD 5.4?
On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote: [I forgot to send this to the list] Hi Eric, On 02/01/2014 11:43 AM, Eric Faurot wrote: The following diff fixes the problems with the example IPs you gave us. - subsequent PTR records are now set as aliases in the hostent - need to accept '/' in dname labels (maybe others?) Since the code differs, I'm guessing your patch is for -current. We're running -stable. Could you possibly supply a patch for that? cheers, Rob Urban Hi, This is the diff against -stable. Eric. Index: asr_utils.c === RCS file: /cvs/src/lib/libc/asr/asr_utils.c,v retrieving revision 1.8 diff -u -p -r1.8 asr_utils.c --- asr_utils.c 12 Jul 2013 14:36:21 - 1.8 +++ asr_utils.c 3 Feb 2014 09:44:29 - @@ -55,7 +55,7 @@ dname_check_label(const char *s, size_t return (-1); for (l--; l; l--, s++) - if (!(isalnum(*s) || *s == '_' || *s == '-')) + if (!(isalnum(*s) || *s == '_' || *s == '-' || *s == '/')) return (-1); return (0); Index: gethostnamadr_async.c === RCS file: /cvs/src/lib/libc/asr/gethostnamadr_async.c,v retrieving revision 1.22 diff -u -p -r1.22 gethostnamadr_async.c --- gethostnamadr_async.c 17 Jul 2013 07:43:23 - 1.22 +++ gethostnamadr_async.c 3 Feb 2014 09:44:30 - @@ -504,8 +504,7 @@ hostent_from_packet(int reqtype, int fam if (strcasecmp(rr.rr_dname, dname) != 0) continue; if (hostent_set_cname(h, rr.rr.ptr.ptrname, 1) == -1) - goto fail; - /* XXX See if we need MULTI_PTRS_ARE_ALIASES */ + hostent_add_alias(h, rr.rr.ptr.ptrname, 1); break; case T_A:
Re: problem with gethostbyaddr() on OBSD 5.4?
Hi Eric, On 02/03/2014 10:48 AM, Eric Faurot wrote: On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote: [I forgot to send this to the list] Hi Eric, On 02/01/2014 11:43 AM, Eric Faurot wrote: The following diff fixes the problems with the example IPs you gave us. - subsequent PTR records are now set as aliases in the hostent - need to accept '/' in dname labels (maybe others?) Since the code differs, I'm guessing your patch is for -current. We're running -stable. Could you possibly supply a patch for that? cheers, Rob Urban Hi, This is the diff against -stable. I've tested the patch, and I cannot reproduce the error. Thanks for your help. cheers, Rob Urban
Re: problem with gethostbyaddr() on OBSD 5.4?
On Sat, Feb 01, 2014 at 01:17:21AM +0100, IMAP List Administration wrote: Hello Folks, I run a Postfix MTA on OpenBSD. Recently I migrated the server from OBSD v5.3 to v5.4. Soon afterwards I noticed postfix was falsely rejecting mails based on a FCrDNS (forward-confirmed reverse DNS) test. FCrDNS means the DNS configuration of a connecting client is tested for forward and reverse DNS consistency. I first suspected a change in Postfix, but the developer (Wietse Venema) ruled out any changes to this Postfix functionality. Further investigation shows that gethostbyaddr() behaves differently on OBSD 5.3 and 5.4. The problem seems to manifest itself when the DNS configuration of a client is non-trivial, e.g., when there are multiple PTR records, or when there is a CNAME record which must be resolved before a PTR lookup can be performed. I tested using a slightly modified Postfix utility (gethostbyaddr.c) which I attach below. On OBSD 5.4 this program returns correct results for trivial DNS client configurations, but host address not found for non-trivial ones. On OBSD 5.3 the program returns correct results in all cases. As far as I can tell, the two OBSD systems are configured identically. For example, /etc/resolv.conf has the same lookup order (lookup file bind), and the same nameserver. DNS tools such as host, dig, or Net::DNS return correct results. Here are some examples of IP-addresses that illustrate the problem: 195.234.50.30 72.26.200.202 96.47.67.46 173.231.138.204 To summarize, gethostbyaddr() on OBSD 5.4 does not seem to be behaving properly and not as it did on 5.3. Can anyone confirm this? cheers, Rob Urban Hi, Thanks for your report. The following diff fixes the problems with the example IPs you gave us. - subsequent PTR records are now set as aliases in the hostent - need to accept '/' in dname labels (maybe others?) Please check if it works for you. Eric. Index: asr_utils.c === RCS file: /cvs/src/lib/libc/asr/asr_utils.c,v retrieving revision 1.9 diff -u -p -u -r1.9 asr_utils.c --- asr_utils.c 24 Nov 2013 23:51:29 - 1.9 +++ asr_utils.c 1 Feb 2014 10:34:23 - @@ -55,7 +55,7 @@ dname_check_label(const char *s, size_t return (-1); for (l--; l; l--, s++) - if (!(isalnum((unsigned char)*s) || *s == '_' || *s == '-')) + if (!(isalnum((unsigned char)*s) || *s == '_' || *s == '-' || *s == '/')) return (-1); return (0); Index: gethostnamadr_async.c === RCS file: /cvs/src/lib/libc/asr/gethostnamadr_async.c,v retrieving revision 1.23 diff -u -p -u -r1.23 gethostnamadr_async.c --- gethostnamadr_async.c 24 Nov 2013 23:51:29 - 1.23 +++ gethostnamadr_async.c 1 Feb 2014 10:34:24 - @@ -505,8 +505,7 @@ hostent_from_packet(int reqtype, int fam if (strcasecmp(rr.rr_dname, dname) != 0) continue; if (hostent_set_cname(h, rr.rr.ptr.ptrname, 1) == -1) - goto fail; - /* XXX See if we need MULTI_PTRS_ARE_ALIASES */ + hostent_add_alias(h, rr.rr.ptr.ptrname, 1); break; case T_A:
problem with gethostbyaddr() on OBSD 5.4?
Hello Folks,
I run a Postfix MTA on OpenBSD. Recently I migrated the server from OBSD v5.3
to v5.4. Soon afterwards I noticed postfix was falsely rejecting mails based on
a FCrDNS (forward-confirmed reverse DNS) test. FCrDNS means the DNS
configuration of a connecting client is tested for forward and reverse DNS
consistency.
I first suspected a change in Postfix, but the developer (Wietse Venema) ruled
out any changes to this Postfix functionality.
Further investigation shows that gethostbyaddr() behaves differently on OBSD 5.3
and 5.4.
The problem seems to manifest itself when the DNS configuration of a client is
non-trivial, e.g., when there are multiple PTR records, or when there is a
CNAME record which must be resolved before a PTR lookup can be performed.
I tested using a slightly modified Postfix utility (gethostbyaddr.c) which I
attach below.
On OBSD 5.4 this program returns correct results for trivial DNS client
configurations, but host address not found for non-trivial ones.
On OBSD 5.3 the program returns correct results in all cases.
As far as I can tell, the two OBSD systems are configured identically. For
example, /etc/resolv.conf has the same lookup order (lookup file bind), and
the same nameserver.
DNS tools such as host, dig, or Net::DNS return correct results.
Here are some examples of IP-addresses that illustrate the problem:
195.234.50.30
72.26.200.202
96.47.67.46
173.231.138.204
To summarize, gethostbyaddr() on OBSD 5.4 does not seem to be behaving properly
and not as it did on 5.3.
Can anyone confirm this?
cheers,
Rob Urban
-- snip --
/*
* gethostbyaddr tester. compile with:
*
* cc -o gethostbyaddr gethostbyaddr.c (SunOS 4.x)
*
* cc -o gethostbyaddr gethostbyaddr.c -lnsl (SunOS 5.x)
*
* run as: gethostbyaddr address
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#include sys/types.h
#include sys/socket.h
#include net/if.h
#include netinet/in.h
#include arpa/inet.h
#include arpa/nameser.h
#include netdb.h
#include stdio.h
#include stdlib.h
main(argc, argv)
int argc;
char **argv;
{
struct hostent *hp;
char addr[INADDRSZ];
if (argc != 2) {
fprintf(stderr, usage: %s i.p.addres\n, argv[0]);
exit(1);
}
// addr = inet_addr(argv[1]);
if (inet_pton(AF_INET, argv[1], (void *)addr) == 0) {
printf(inet_pton failed.\n);
exit(1);
}
if (hp = gethostbyaddr(addr, INADDRSZ, AF_INET)) {
printf(Hostname:\t%s\n, hp-h_name);
printf(Aliases:\t);
while (hp-h_aliases[0])
printf(%s , *hp-h_aliases++);
printf(\n);
printf(Addresses:\t);
while (hp-h_addr_list[0])
printf(%s , inet_ntoa(*(struct in_addr *) * hp-h_addr_list++));
printf(\n);
exit(0);
}
fprintf(stderr, host %s not found\n, argv[1]);
exit(1);
}
Re: problem with gethostbyaddr() on OBSD 5.4?
On 31/01/14 7:17 PM, IMAP List Administration wrote: Hello Folks, I run a Postfix MTA on OpenBSD. Recently I migrated the server from OBSD v5.3 to v5.4. Soon afterwards I noticed postfix was falsely rejecting mails based on a FCrDNS (forward-confirmed reverse DNS) test. FCrDNS means the DNS configuration of a connecting client is tested for forward and reverse DNS consistency. I first suspected a change in Postfix, but the developer (Wietse Venema) ruled out any changes to this Postfix functionality. Further investigation shows that gethostbyaddr() behaves differently on OBSD 5.3 and 5.4. The problem seems to manifest itself when the DNS configuration of a client is non-trivial, e.g., when there are multiple PTR records, or when there is a CNAME record which must be resolved before a PTR lookup can be performed. I tested using a slightly modified Postfix utility (gethostbyaddr.c) which I attach below. On OBSD 5.4 this program returns correct results for trivial DNS client configurations, but host address not found for non-trivial ones. On OBSD 5.3 the program returns correct results in all cases. As far as I can tell, the two OBSD systems are configured identically. For example, /etc/resolv.conf has the same lookup order (lookup file bind), and the same nameserver. DNS tools such as host, dig, or Net::DNS return correct results. Here are some examples of IP-addresses that illustrate the problem: 195.234.50.30 72.26.200.202 96.47.67.46 173.231.138.204 To summarize, gethostbyaddr() on OBSD 5.4 does not seem to be behaving properly and not as it did on 5.3. Can anyone confirm this? Yes, I can reproduce the issue here even with -current. The resolver was replaced with the 5.4 release with a from scratch implementation so it isn't surprising there are some bugs lurking in the code that wouldn't be found until it has gone through more real world testing. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
