[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
This bug was fixed in the package keyutils - 1.6-6ubuntu1.1

---
keyutils (1.6-6ubuntu1.1) focal; urgency=medium

  * d/p/apply-default-ttl-to-records.patch: Add patch to apply default TTL to records obtained from getaddrinfo(). (LP: #1962453)

 -- Utkarsh Gupta  Fri, 27 May 2022 14:33:22 +0530

** Changed in: keyutils (Ubuntu Focal)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Released
Status in keyutils source package in Impish: Fix Released
Status in keyutils source package in Jammy: Fix Released

Bug description:

  [Impact]

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for DNS resolution. The keyutils package contains the userspace utility to update the kernel keyring with the DNS mapping to IP address. Prior to 1.6.2, this utility may erroneously set an unlimited lifetime for this keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with two IP addresses. Make sure that the FQDN of the server resolves to one of these addresses.
  2. Mount the created share on the cifs client using the FQDN for the server. Make sure that the mount point is accessible.
  3. Use the ss command on the client to kill the sockets that connect to the server:
       sudo ss -K dport :445
  4. Now update the DNS entry to make sure that the server FQDN now resolves to the second IP address of the server. Make sure that nslookup on the client now resolves to the new IP address.
  5. Repeat step 3 to kill the sockets that connect to the server to force re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see that the client has reconnected to the old IP address, even when DNS lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that kernel keys are refreshed), you'll see that the client reconnects to the new IP address.

  The bug is due to the unlimited lifetime set by key.dns_resolver (which is part of the keyutils package). As a result, even if the IP address for the DNS entries changes, the kernel filesystems would continue to use the old IP address, due to the cached keys.

  This issue causes clients to misbehave when Azure Files service endpoints move to a different cluster.

  [Where problems could occur]

  Address records obtained from getaddrinfo() don't come with any TTL information, even if they're obtained from the DNS, so if someone is relying on this particularly, they might face some problem/regression, but I don't think they would face that as it would still be highly configurable.

  [Other information]
  ===

  This request is essentially from one of our cloud partners and they're highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
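The condition this bug describes, a dns_resolver key cached with no expiry, can be checked from /proc/keys. The script below is an added example, not part of the original thread or of keyutils; the function names and the sample lines (constructed, with example.net hostnames) are assumptions.

```shell
#!/bin/sh
# Added example: audit dns_resolver keys for a missing expiry.
#
# /proc/keys columns:
#   serial flags usage timeout perm uid gid type description: summary
# The type column is 9 characters wide, so "dns_resolver" is shown as
# "dns_resol"; matching on that prefix covers both spellings.

# dns_key_lifetimes [FILE|-]
# Prints "<serial> <name> <seconds|never|expired>" for each dns_resolver key.
# With no argument it reads /proc/keys; "-" reads standard input.
dns_key_lifetimes() {
    awk '
        $8 ~ /^dns_resol/ {
            name = $9
            sub(/:$/, "", name)          # description is printed as "name:"
            t = $4
            if (t == "perm") {
                life = "never"           # no expiry: the address is cached forever
            } else if (t == "expd") {
                life = "expired"
            } else {
                # Remaining lifetime is a number plus a unit suffix (s, m, h, d, w).
                unit = substr(t, length(t))
                n = substr(t, 1, length(t) - 1) + 0
                mult = 1
                if (unit == "m") mult = 60
                else if (unit == "h") mult = 3600
                else if (unit == "d") mult = 86400
                else if (unit == "w") mult = 604800
                life = n * mult
            }
            print $1, name, life
        }
    ' "${1:-/proc/keys}"
}

# permanent_dns_keys [FILE|-]
# Prints only the host names whose cached address will never be refreshed.
permanent_dns_keys() {
    dns_key_lifetimes "$@" | awk '$3 == "never" { print $2 }'
}

# Constructed sample in /proc/keys format (not captured from a real host).
sample_proc_keys() {
    cat <<'EOF'
0a1b2c3d I--Q---     1 perm 3f010000  1000  1000 keyring   _ses: 1
1c2d3e4f I------     1 perm 1f030000     0     0 dns_resol fileshare.example.net: 13
2d3e4f50 I------     1   4s 1f030000     0     0 dns_resol nfs.example.net: 12
3e4f5061 I------     1   2m 1f030000     0     0 dns_resol smb2.example.net: 11
EOF
}

# Demo on the constructed sample: lists the one key that would pin a stale address.
sample_proc_keys | permanent_dns_keys -
```

On a live client, calling dns_key_lifetimes with no argument reads /proc/keys; run it as root so the kernel-owned dns_resolver keys are visible.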
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
This bug was fixed in the package keyutils - 1.6.1-2ubuntu2.1

---
keyutils (1.6.1-2ubuntu2.1) impish; urgency=medium

  * d/p/apply-default-ttl-to-records.patch: Add patch to apply default TTL to records obtained from getaddrinfo(). (LP: #1962453)

 -- Utkarsh Gupta  Fri, 27 May 2022 14:54:36 +0530

** Changed in: keyutils (Ubuntu Impish)
       Status: Fix Committed => Fix Released

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Committed
Status in keyutils source package in Impish: Fix Released
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Shyam,

Thank you for testing this out. Marking the same.

** Tags removed: verification-needed-focal verification-needed-impish
** Tags added: verification-done-focal verification-done-impish

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Committed
Status in keyutils source package in Impish: Fix Committed
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Verified in both focal and impish that the bug is fixed with the keyutils package in the proposed repo. Also ran some sanity tests to make sure that other functionalities are not affected.

You can mark this as verified.

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Committed
Status in keyutils source package in Impish: Fix Committed
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Thanks Robie/Utkarsh.

I will test out the package in the proposed repositories and update here.

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Committed
Status in keyutils source package in Impish: Fix Committed
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hello Utkarsh, or anyone else affected,

Accepted keyutils into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/keyutils/1.6.1-2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: keyutils (Ubuntu Impish)
       Status: Incomplete => Fix Committed

** Tags added: verification-needed-impish

** Changed in: keyutils (Ubuntu Focal)
       Status: Incomplete => Fix Committed

** Tags added: verification-needed-focal

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Fix Committed
Status in keyutils source package in Impish: Fix Committed
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Seb,

Fixed that. And yes, it's already fixed in Jammy. See the first comment. :)

** Also affects: keyutils (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: keyutils (Ubuntu Jammy)
       Status: New => Fix Released

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Incomplete
Status in keyutils source package in Impish: Incomplete
Status in keyutils source package in Jammy: Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
What's the status in 22.04? Wasn't it fixed in https://bugs.launchpad.net/ubuntu/+source/keyutils/1.6.1-2ubuntu3 ? Should we reopen for the current series?

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Incomplete
Status in keyutils source package in Impish: Incomplete
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Utkarsh,

Is the backport taken for all the above versions as well?

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Incomplete
Status in keyutils source package in Impish: Incomplete
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Shyam,

I am closer to getting this to work on 22.04 (22.10 should be easier once we've sorted out 22.04). I'll be off this week (tomorrow onward!) and will definitely have something for you by the next week.

Let me know if you have any questions or concerns. TIA. \o/

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Bionic: Fix Released
Status in keyutils source package in Focal: Incomplete
Status in keyutils source package in Impish: Incomplete
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Robie, Any progress on the keyutils backports for 22.04 and 22.10?
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Thanks Robie.
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
This bug was fixed in the package keyutils - 1.5.9-9.2ubuntu2.1

---
keyutils (1.5.9-9.2ubuntu2.1) bionic; urgency=medium

  * d/p/apply-default-ttl-to-records.patch: Add patch to apply default TTL to records obtained from getaddrinfo(). (LP: #1962453)

 -- Utkarsh Gupta Tue, 08 Mar 2022 13:26:12 +0530

** Changed in: keyutils (Ubuntu Bionic)
   Status: Fix Committed => Fix Released
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hi Shyam, Thank you for testing this out. I'll mark the same. For 22.04 and 22.10, I was waiting on your tests as your comment #6 had got me worried a bit. I'll start working on the backports now and I'll have some news by the end of the week. TIA.

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Utkarsh/Robie, When can we expect similar backports to Ubuntu 20.04 and newer?
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
We have validated this fix. The fix works as expected. We've also run several xfstests using various SMB mount scenarios to see that nothing regressed.
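A complementary check for the condition this bug report describes, added here as an example that is not part of the thread or of keyutils: it reads `/proc/keys` and reports `dns_resolver` keys whose expiry column is `perm` (no timeout) or longer than a chosen limit. The sample lines and host names are constructed, and the `max_ttl` threshold and function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit /proc/keys for dns_resolver keys that never expire (added example)."""
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the /proc/keys column layout:
# serial, flags, usage, expiry, permissions, uid, gid, type, description.
# The kernel prints at most 9 characters of the key type, so "dns_resolver"
# shows up as "dns_resol". Host names are placeholders.
SAMPLE_PROC_KEYS = """\
0a1b2c3d I------     1 perm 1f030000     0     0 dns_resol fileserver.example.test: 13
1b2c3d4e I------     1   9m 1f030000     0     0 dns_resol other.example.test: 13
2c3d4e5f I--Q---     4 perm 1f3f0000  1000 65534 keyring   _uid.1000: empty
3d4e5f60 I------     1   2d 1f030000     0     0 dns_resol slow.example.test: 13
4e5f6071 I------     1 expd 1f030000     0     0 dns_resol stale.example.test: 13
"""

# Units the kernel uses in the expiry column (value is rounded down).
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


@dataclass
class KeyEntry:
    serial: str
    expiry: str
    key_type: str
    description: str


def parse_proc_keys(text: str) -> List[KeyEntry]:
    """Split each /proc/keys line into the fields this audit needs."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 8)
        if len(fields) < 9:
            continue  # blank or truncated line
        serial, _flags, _usage, expiry, _perm, _uid, _gid, key_type, desc = fields
        entries.append(KeyEntry(serial, expiry, key_type, desc.strip()))
    return entries


def remaining_seconds(expiry: str) -> Optional[int]:
    """Lower bound on remaining lifetime; None = no expiry, 0 = expired."""
    if expiry == "perm":
        return None
    if expiry == "expd":
        return 0
    value, unit = expiry[:-1], expiry[-1]
    if not value.isdigit() or unit not in UNIT_SECONDS:
        raise ValueError(f"unrecognised expiry field: {expiry!r}")
    return int(value) * UNIT_SECONDS[unit]


def audit_dns_keys(text: str, max_ttl: int = 3600) -> List[Tuple[str, str]]:
    """Return (host, reason) for dns_resolver keys cached too long.

    max_ttl is an arbitrary limit chosen for this example, not a keyutils
    default.
    """
    findings = []
    for entry in parse_proc_keys(text):
        if not entry.key_type.startswith("dns_resol"):
            continue
        # The description ends in ": <payload length or state>".
        host = entry.description.rsplit(": ", 1)[0]
        left = remaining_seconds(entry.expiry)
        if left is None:
            findings.append((host, "never expires"))
        elif left > max_ttl:
            findings.append((host, f"expires in {entry.expiry}, above {max_ttl}s"))
    return findings


if __name__ == "__main__":
    # Run as root on the client: /proc/keys lists only keys the reader may view.
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/keys"
    with open(path, encoding="ascii", errors="replace") as handle:
        results = audit_dns_keys(handle.read())
    for host, reason in results:
        print(f"{host}: {reason}")
    sys.exit(1 if results else 0)
```

A key reported as "never expires" keeps its cached address until it is invalidated or the machine is rebooted, which is why the test plan reboots the client after installing the fixed package.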
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Just a quick update. We've hit some issues during the tests, and we're trying to debug and understand if it's an actual bug, or a setup issue. I will keep this page updated on the results.
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Thanks for the update, Robie. I'll let you know how our testing goes with this soon.
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
Hello Utkarsh, or anyone else affected,

Accepted keyutils into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/keyutils/1.5.9-9.2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: keyutils (Ubuntu Bionic)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-bionic
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
I think we've concluded that we're not going to ship the configuration file parts in the Impish and Focal uploads, so I'll reject them from the queue now. The Bionic queue upload is ready now though.
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
** Changed in: keyutils (Ubuntu Impish)
   Status: New => Incomplete

** Changed in: keyutils (Ubuntu Focal)
   Status: New => Incomplete

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Focal: Incomplete
Status in keyutils source package in Impish: Incomplete
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
** Merge proposal linked:
   https://code.launchpad.net/~utkarsh/ubuntu/+source/keyutils/+git/keyutils/+merge/416514

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
> [Test plan]

Please could you add to the test plan testing to ensure that the new configurable timeout actually works? There's a lot of code being added just to make this configurable, including an entirely new configuration file and extensive by-hand C parsing code. I think we should ensure that this code actually works - otherwise I don't think including it all is justified.

> [Where problems could occur]

Am I right in thinking that it will no longer be possible to set an infinite lifetime, even by configuration? If we can't think of any case where a user would want this then I think it's fine to proceed as-is, but it's worth calling it out as a place where problems might occur.

--

One minor issue that's maybe worth fixing before landing this: the new manpage (including upstream) refers to a different configuration file path than where the code actually looks. Please could you patch to make them match - including in Jammy? Otherwise we rather defeat the point of including the new manpage in this SRU.

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New
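The bug description attributes the stale connections to dns_resolver keys cached with unlimited lifetime, and the review above asks for a test that the new timeout takes effect. The following is an added example, not part of the thread or the keyutils package: it classifies dns_resolver keys in `/proc/keys`-formatted input by expiry. The sample lines and hostnames are constructed, and the script relies on the kernel's `/proc/keys` column layout, in which the type name is printed truncated to nine characters.

```shell
#!/bin/sh
# Added example: find DNS lookups the kernel has cached with no expiry.
#
# /proc/keys columns:
#   ID FLAGS USAGE TIMEOUT PERM UID GID TYPE DESCRIPTION: SUMMARY
# TYPE is truncated to nine characters, so "dns_resolver" shows as "dns_resol".
# TIMEOUT is "perm" for a key that never expires, "expd" for an expired key,
# otherwise the remaining lifetime (for example "9m").

# Constructed sample input in /proc/keys format (hostnames are hypothetical).
sample_keys() {
    cat <<'EOF'
0a1b2c3d I------     1 perm 1f030000     0     0 dns_resol files.example.com: 13
1b2c3d4e I------     1   9m 1f030000     0     0 dns_resol nfs.example.com: 11
2c3d4e5f I--Q---     3 perm 3f030000  1000  1000 keyring   _ses: 1
3d4e5f60 I------     1 expd 1f030000     0     0 dns_resol old.example.com: 14
EOF
}

# Read /proc/keys-formatted text on stdin and print "<state> <hostname>"
# for every dns_resolver key; other key types are ignored.
classify_dns_keys() {
    awk '
        $8 ~ /^dns_resol/ {
            name = $9
            sub(/:$/, "", name)      # drop the colon that ends the description
            if ($4 == "perm")      state = "PERMANENT"
            else if ($4 == "expd") state = "EXPIRED"
            else                   state = "EXPIRES_IN=" $4
            print state, name
        }'
}

# Print only the hostnames whose cached lookup never expires, which is the
# condition the bug description blames for reconnecting to the old address.
permanent_dns_keys() {
    classify_dns_keys | awk '$1 == "PERMANENT" { print $2 }'
}

# Stand-alone run: show the classification of the constructed sample.
sample_keys | classify_dns_keys
```

On a client, feed it the live table with `permanent_dns_keys < /proc/keys` after mounting the share; `/proc/keys` only lists keys the reader is permitted to view, so run it as root.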
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
This bug was fixed in the package keyutils - 1.6.1-2ubuntu3

---
keyutils (1.6.1-2ubuntu3) jammy; urgency=medium

  * d/p/apply-default-ttl-to-records.patch: Add patch to apply default TTL to records obtained from getaddrinfo(). (LP: #1962453)

 -- Utkarsh Gupta Mon, 28 Feb 2022 15:14:45 +0530

** Changed in: keyutils (Ubuntu)
   Status: In Progress => Fix Released

Status in keyutils package in Ubuntu: Fix Released
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
** Merge proposal linked:
   https://code.launchpad.net/~utkarsh/ubuntu/+source/keyutils/+git/keyutils/+merge/416132

Status in keyutils package in Ubuntu: In Progress
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
** Merge proposal linked:
   https://code.launchpad.net/~utkarsh/ubuntu/+source/keyutils/+git/keyutils/+merge/416129

Status in keyutils package in Ubuntu: In Progress
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New
[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()
** Merge proposal linked:
   https://code.launchpad.net/~utkarsh/ubuntu/+source/keyutils/+git/keyutils/+merge/416126

Status in keyutils package in Ubuntu: In Progress
Status in keyutils source package in Focal: New
Status in keyutils source package in Impish: New