From owner-freebsd-bugs@FreeBSD.ORG Wed Nov 24 06:50:22 2004
Resent-Date: Wed, 24 Nov 2004 06:50:21 GMT
Resent-Message-Id: <200411240650.iAO6oLWC046838@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Juan Pablo Villa
Message-Id: <200411240650.iAO6oCfC000620@www.freebsd.org>
Date: Wed, 24 Nov 2004 06:50:12 GMT
From: Juan Pablo Villa
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: misc/74314: DNS resolver broken under certain jail conditions
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Wed, 24 Nov 2004 06:50:22 -0000

>Number:         74314
>Category:       misc
>Synopsis:       DNS resolver broken under certain jail conditions
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 24 06:50:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Juan Pablo Villa
>Release:        4.9-RELEASE-p13
>Organization:
Datafull.com
>Environment:
FreeBSD XXXXXX.datafull.com 4.9-RELEASE-p13 FreeBSD 4.9-RELEASE-p13 #0: Sat Nov 20 22:57:03 ART 2004 root@:/usr/obj/usr/src/sys/GENERIC i386

Also tested this with 4.10-RELEASE, 4.9-RELEASE, and 4.10-STABLE, this one built on Nov 19 2004 (approx.).
I've enjoyed my weekend rebuilding world like crazy, looking to avoid this bug without any results.
>Description:
When creating new jails for my internal network, I hit the following:

I have 2 ethernet interfaces, let's say dc0 and dc1.
dc0 has a public ip address, connected to the internet thru a default gw
dc1 has a private ip address (i.e. 10.3.2.102)

If I start the jail env with an aliased ip from dc0, everything works ok, just as usual.
However, using aliases from dc1, things are a little bit different, because the resolver seems broken from inside the jail. Netcat and UDP traffic in general to host/outside seems ok in both ways, but DNS lookups don't work anymore.

Dig lookups from inside the jail result in the following:

#dig freebsd.org

; <<>> DiG 8.3 <<>> freebsd.org
;; res options: init recurs defnam dnsrch
;; res_nsend: Operation timed out

or a similar res_nsend error.

Looking on the internet, a similar case is described on:
http://archive.pilgerer.org/mharc/html/freebsd-questions/2004-04/msg02948.html

I guess that using jail aliases within the same net as the default gw works, and the rest of aliases don't (the rest don't have a default gw on the same net, of course). Just guessing.
>How-To-Repeat:
1) Create a jail env, as explained on jail(8)
2) Create an alias on dc1 for the jail (i.e. ifconfig dc1 -alias 10.3.2.11 netmask 255.255.255.255). dc1 must not be your main interface
3) Copy a working /etc/resolv.conf from host to jail
4) Initialize jail with that previous ip alias (i.e. jail /usr/jail/ jail.datafull.com 10.3.2.11 /bin/sh)
5) dig freebsd.org
6) nc -u YOUR_DNS.com 53
>Fix:
Just guessing here:
If normal UDP traffic is possible (as shown by netcat), then a temporary workaround would be to install a recursive dns like dnscache (on host, or could be on the jail too). Haven't tried yet.
>Release-Note:
>Audit-Trail:
>Unformatted: