Date: Tue, 10 Jan 2023 08:40:13 +0100 From: Alexander Leidinger <Alexander@leidinger.net> To: Mathias Picker <Mathias.Picker@virtual-earth.de> Cc: freebsd-emulation@freebsd.org Subject: Re: Linux jail 14-CURRENT: DNS does not work for *some* programs? Message-ID: <20230110084013.Horde.685bQie_CaYVmp_jzMaMTeq@webmail.leidinger.net> In-Reply-To: <CA4C4A0C-F394-473C-9FC2-3EF5B1E2F1FD@virtual-earth.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format and has been PGP signed. --=_HITCnOCO51Zm7V8wel7pu2u Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting Mathias Picker <Mathias.Picker@virtual-earth.de> (from Tue, 10=20= =20 Jan=202023 06:51:06 +0100): > Hi all, > > I=E2=80=99m testing a few linux triplestore in a linux jail, and used 13.= 1=20=20 >=20which worked fine most of the time. > > Now one of the stores shows dropped connections with many clients,=20=20 >=20and as I can see logs of netlink errors in the logs, I thought I=E2=80= =99d=20=20 >=20try -CURRENT. > > Sadly, my linux jail (Ubuntu 16.04.7) now shows an irritating=20=20 >=20behaviour, some programs seem to hang indefinitely waiting for name=20= =20 >=20resolution: > > Inside the jail: > > Working version with ping [example] > Non-working with wget (same for curl and others) [example] > So, this tcpdump looks pretty much as if both got answers from unbound. > Why is wget (and host, and curl, and sudo) not =E2=80=9Cgetting=E2=80=9D = this answer? > > Any ideas where to look or questions about my setup welcome! Current has netlink support, 13.1 doesn't. Current may have changes in=20= =20 the=20linuxumaltor, which aren't in 13.1. You need to debug the kernel=20= =20 path.=20Possible tools to do so are ktrace and dtrace. The most easy cmdline would be ktrace, whereas dtrace gives more=20=20 flexibility=20in what you do and how you look at it. As a first step I=20= =20 would=20recommend ktrace. Not sure if it will work as I want it to work... ktrace -di jexec "ID or name of jail" ping google.de After you have seen the answer with tcpdump, you can kill ktrace/ping=20=20 (or=20wait for a timeout, but this will increase the amount of data=20=20 traced)=20and inspect the result via "kdump" (this will take the file=20=20 "ktrace.out"=20in the current directory and print out the data). IF this works (I'm not sure if the ktrace inherits(descents into a=20=20 jail),=20you will see the calls to jexec and the exec of ping and what=20= =20 all=20those do in the kernel. This will then give a hint where to look=20= =20 next. IF=20this doesn't work, you can use "ktrace -di -p <pid of ping>" from=20= =20 the=20jail-host while ping is running. If ping tries to redo the DNS=20=20 lookup,=20or a second nameserver is configured and it tries to get the=20= =20 info=20from the second after a timeout, you may be lucky to catch that=20= =20 in=20the trace. Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_HITCnOCO51Zm7V8wel7pu2u Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmO9Fl0ACgkQEg2wmwP4 2Ibp3g//Sv66tw4u5+w1SRwgpOisd46UWeUbaCYzF89l2NPB1KZBxF1XtFBctzWn 8QYIzbrFDbq5uPhRI1GCbtUhpkjyn5Qogv6drmH9r5JVYrNi2SggqMb4cAB+A4+c bzxAL8wg9Le53YQtk/VvmjMaUbLskvWAcYIPZVLGIh5mDo7+MoiTMsX91r/m+Sf+ qqQY5r5mb/Dqk+tMFMkKvU/pVfcT1cxl6xEe37o08u1lybMglUQojK2Ieh2nX9Ll mQqMe8zyHxHcXlhQrEl9LQjRKOzxbhQgslvhwP09ecGZ6C8DfZQZQdzEAs1aeKv4 GXyY4Nl1D8pOn2Z7VVeTRL8suOdcn3GZ5PTt7CPANHDDn3xSg3RQRtgEHmVH1h31 P4Tpw619R0+KOar/0rsEjkOtBJJ7aZM1SYk0QWLzCbeKRak/UL2p7jB4KK1qXNWn EJ2/5StyvM0iBdEGoKC+zUxUsmt7y8ksh7tiEgrtkbkus7faHVNZiigZEl/Dbyut c39vwzAHjQkQV7KsUcHwjJGc/IhDPf/t6qfjT6wOmB+eO5L6ETtWZG5PwnRWBPTL dZe9m0jQwlfaC4kKdiF3WUcId1PO+rdB2Ly7P+1ItKthaIVoN5elEHz5CQj7JyBr +O6XqNEYN4bQpJK+NhUYkNSD/mDoS0fX210lk9880yspdB9JCvg= =M+ZR -----END PGP SIGNATURE----- --=_HITCnOCO51Zm7V8wel7pu2u--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230110084013.Horde.685bQie_CaYVmp_jzMaMTeq>