Date: Wed, 12 May 1999 04:22:42 -0700 (PDT) From: tomita@cs.titech.ac.jp To: freebsd-gnats-submit@freebsd.org Subject: bin/11666: ypserv fails to reply host name resolution with DNS Message-ID: <19990512112242.3D10614F79@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 11666
>Category: bin
>Synopsis: ypserv fails to reply host name resolution with DNS
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 12 04:30:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Yoshinori TOMITA
>Release: 2.2.8R
>Organization:
Tokyo Institute of Technology
>Environment:
FreeBSD zero.cs.titech.ac.jp 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE #0: Mon Mar 15
16:24:55 JST 1999 tomita@shoji.cs.titech.ac.jp:/usr/src/sys/compile/Lake-Sho
jiKo i386
>Description:
Our environment:
In /etc/host.conf, the order is hosts, nis, bind.
In NIS hosts file, we have YP_INTERDOMAIN entry. So, host name lookup will also be done by DNS when not found in hosts file.
When resolving non-existing host name such as "baka.aho.manuke.",
ypserv will look up this name via DNS with the name
"baka.aho.manuke..cs.titech.ac.jp", here cs.titech.ac.jp is our domain name and described in /etc/resolved.conf.
This DNS query fails because the hostname syntax is wrong.
But ypserve will not see this failure and will not reply to the client
which issued hostname resolution request.
After all, the client will get "yp_match: clnt_call: RPC: Timed out"
and continue name resolution infinitely.
In kerberos environment, when login to the FreeBSD machine, kerberos
server name such as "kerberos-1.SOMETHING" will be requested to resolve.
The request will be processed by ypserv as the form like
"kerberos-1.SOMETHING..cs.titech.ac.jp".
As written above, this query infinitely continues and nobody can login.
[ LOG of ypserv -d]
ypserv: procedure ypproc_match called from 131.112.17.142:3896
ypserv: client is referencing map "hosts.byname".
ypserv: looking up key [baka.aho.manuke.]
ypserv: doing DNS lookup of baka.aho.manuke.
ypserv: queueing async DNS name lookup (24621)
ypserv: running dns queue
ypserv: got dns reply from 131.112.17.129
ypserv: retrying with: baka.aho.manuke..cs.titech.ac.jp
ypserv: res_mkquery failed
I guess ypserv does not think of the case when res_mkquery() failes
or yp_send_dns_query() failes twice.
We cound not observ this problem on ypserv of 2.2.5R,
but we did not track down deeply because we are not
interested in 2.2.5R any longer.
[ tested on 2.2.5R, the environment may differ from 2.2.8R ]
# ping baka.aho.tonma..hoge
ypserv: Procedure ypproc_match called from 127.0.0.1:676
ypserv: Client is referencing map "hosts.byname".
ypserv: queue overflow -- releasing last slot
ypserv: Looking up key [baka.aho.tonma..hoge]
ypserv: Doing DNS lookup of baka.aho.tonma..hoge
ypserv: res_mkquery failed
ypserv: DNS query failed
ping: cannot resolve baka.aho.tonma..hoge: Unknown server error
>How-To-Repeat:
With the following two command,
ping baka.aho.manuke
ping baka.aho.manuke.
>Fix:
I append one if-condition to ypserv.c
but this does not solve the problem perfectly.
# Just suppressing DNS lookup when host name ends with "."
/*
* Do DNS lookups for hosts maps if database lookup failed.
*/
if( argp->key.keydat_val[argp->key.keydat_len-1] != '.' )
#ifdef DB_CACHE
if (result.stat != YP_TRUE &&
(yp_testflag(argp->map, argp->domain, YP_INTERDOMAIN) ||
(strstr(argp->map, "hosts") && do_dns))) {
#else
if (do_dns && result.stat != YP_TRUE && strstr(argp->map, "hosts")) {
#endif
char nbuf[YPMAXRECORD];
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990512112242.3D10614F79>