Date: Thu, 18 Mar 2004 03:07:49 +0900 From: Hajimu UMEMOTO <ume@FreeBSD.org> To: Mark Andrews <Mark_Andrews@isc.org> Cc: freebsd-stable@freebsd.org Subject: Re: ftp.perl.org strangeness Message-ID: <yge65d3e496.wl%ume@FreeBSD.org> In-Reply-To: <200403170415.i2H4F5qW093872@drugs.dv.isc.org> References: <255A839665EA24408EB27A6AAE15518EAC1D@europa.ad.hartbrothers.com> <200403170415.i2H4F5qW093872@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Multipart_Thu_Mar_18_03:07:49_2004-1 Content-Type: text/plain; charset=US-ASCII Hi, >>>>> On Wed, 17 Mar 2004 15:15:05 +1100 >>>>> Mark Andrews <Mark_Andrews@isc.org> said: > That thread might lead one to believe that destination address > selection in -CURRENT would give the described behavior, but > I'm not so sure. Destination address selection comes into > play after you have resolved names to addresses. My guess is > even with IPv4 destination addresses preferred in > /etc/ip6addrctl.conf the resolver will still query for both > AAAA and A records when the client is IPv6-enabled. If the > AAAA query comes first and a bork load balancer returns > NXDOMAIN, the negative response will likely be cached and > result in the subsequent A query failing as well, meaning no > IPv4 address to prefer. As you see, the destination address selection isn't a solution for broken name server. But, it solves a problem during connect for IPv4 only users. Mark_Andrews> This issue really gets blown out of proportion. You have Mark_Andrews> a couple of *broken* nameservers worldwide. There really Mark_Andrews> are not a lot of them, they just happen to be high profile Mark_Andrews> servers. Mark_Andrews> When you find one, report it. If people did this originally Mark_Andrews> rather than hacking software to work around the brokeness Mark_Andrews> there wouldn't be a problem now. Yes, actually. However I'm tired enough to hear this issue. Though I don't like to make a patch for this issue, I don't like to hear a problem about IPv6 related issue from IPv4 only users. So, I made a patch to add no_aaaa_quesy to resolver option. With this option, getaddrinfo() and getipnodebyname() do A query against AF_UNSPEC. The former is for 4-STABLE and the latter is for 5-CURRENT. If there is no objection, I'll commit it. Sincerely, --Multipart_Thu_Mar_18_03:07:49_2004-1 Content-Type: text/x-patch; type=patch; charset=US-ASCII Content-Disposition: attachment; filename="resolver-no-aaaa-4s.diff" Content-Transfer-Encoding: 7bit Index: include/resolv.h diff -u include/resolv.h.orig include/resolv.h --- include/resolv.h.orig Sat Jun 16 07:08:26 2001 +++ include/resolv.h Thu Mar 18 02:40:25 2004 @@ -150,6 +150,7 @@ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ #define RES_NOTLDQUERY 0x00004000 /* Don't query TLD names */ +#define RES_NOAAAAQUERY 0x08000000 /* Don't query AAAA implicitly */ /* KAME extensions: use higher bit to avoid conflict with ISC use */ #define RES_USE_EDNS0 0x40000000 /* use EDNS0 */ Index: lib/libc/net/getaddrinfo.c diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c --- lib/libc/net/getaddrinfo.c.orig Thu Mar 18 02:32:50 2004 +++ lib/libc/net/getaddrinfo.c Thu Mar 18 02:36:15 2004 @@ -1494,13 +1494,23 @@ _dns_getaddrinfo(pai, hostname, res) struct addrinfo *ai; querybuf *buf, *buf2; const char *name; - struct addrinfo sentinel, *cur; + struct addrinfo sentinel, *cur, pai0; struct res_target q, q2; memset(&q, 0, sizeof(q2)); memset(&q2, 0, sizeof(q2)); memset(&sentinel, 0, sizeof(sentinel)); cur = &sentinel; + + if ((_res.options & RES_INIT) == 0 && res_init() == -1) { + h_errno = NETDB_INTERNAL; + return EAI_FAIL; + } + if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) { + pai0 = *pai; + pai0.ai_family = AF_INET; + pai = &pai0; + } buf = malloc(sizeof(*buf)); if (!buf) { Index: lib/libc/net/name6.c diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c --- lib/libc/net/name6.c.orig Sun Nov 3 03:54:57 2002 +++ lib/libc/net/name6.c Thu Mar 18 02:51:50 2004 @@ -1573,6 +1573,15 @@ _dns_ghbyaddr(const void *addr, int addr char *tld4[] = { "in-addr.arpa", NULL }; char **tld; + if ((_res.options & RES_INIT) == 0) { + if (res_init() < 0) { + *errp = h_errno; + return NULL; + } + } + if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC) + af = AF_INET; + #ifdef INET6 /* XXX */ if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)addr)) @@ -1592,12 +1601,6 @@ _dns_ghbyaddr(const void *addr, int addr return NULL; } - if ((_res.options & RES_INIT) == 0) { - if (res_init() < 0) { - *errp = h_errno; - return NULL; - } - } memset(&hbuf, 0, sizeof(hbuf)); hbuf.h_name = NULL; hbuf.h_addrtype = af; Index: lib/libc/net/res_init.c diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c --- lib/libc/net/res_init.c.orig Tue Feb 5 03:30:55 2002 +++ lib/libc/net/res_init.c Thu Mar 18 02:33:55 2004 @@ -539,8 +539,10 @@ res_setoptions(options, source) _res.options |= RES_INSECURE2; } else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) { _res.options |= RES_NOTLDQUERY; + } else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) { + _res.options |= RES_NOAAAAQUERY; } else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) { - _res.options |= RES_USE_EDNS0; + _res.options |= RES_USE_EDNS0; } else { /* XXX - print a warning here? */ } Index: share/man/man5/resolver.5 diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5 --- share/man/man5/resolver.5.orig Fri Aug 17 22:08:47 2001 +++ share/man/man5/resolver.5 Thu Mar 18 02:33:55 2004 @@ -125,7 +125,7 @@ .Sy option is one of the following: .Pp -.Bl -tag -width no_tld_query +.Bl -tag -width no_aaaa_query .It Sy debug sets .Dv RES_DEBUG @@ -154,6 +154,12 @@ and .Sy search rules with the given name. +.It Sy no_aaaa_query +tells the resolver not to attempt to qurey an AAAA record. There are +some name servers which return NXDOMAIN against an AAAA query in the +world. Though the behavior is a bug, this option prevent IPv4 users +from this problem. Specifying this option is not recommended. Please +report to a maintainer of a broken name server, instead. .El .Pp Options may also be specified as a space or tab separated list using the --Multipart_Thu_Mar_18_03:07:49_2004-1 Content-Type: text/x-patch; type=patch; charset=US-ASCII Content-Disposition: attachment; filename="resolver-no-aaaa.diff" Content-Transfer-Encoding: 7bit Index: include/resolv.h diff -u include/resolv.h.orig include/resolv.h --- include/resolv.h.orig Fri Feb 27 21:51:36 2004 +++ include/resolv.h Wed Mar 17 15:59:06 2004 @@ -152,6 +152,7 @@ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ #define RES_NOTLDQUERY 0x00004000 /* Don't query TLD names */ +#define RES_NOAAAAQUERY 0x08000000 /* Don't query AAAA implicitly */ /* KAME extensions: use higher bit to avoid conflict with ISC use */ #define RES_USE_EDNS0 0x40000000 /* use EDNS0 */ Index: lib/libc/net/getaddrinfo.c diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c --- lib/libc/net/getaddrinfo.c.orig Thu Feb 26 06:03:45 2004 +++ lib/libc/net/getaddrinfo.c Thu Mar 18 02:14:50 2004 @@ -1834,7 +1834,7 @@ _dns_getaddrinfo(rv, cb_data, ap) querybuf *buf, *buf2; const char *name; const struct addrinfo *pai; - struct addrinfo sentinel, *cur; + struct addrinfo sentinel, *cur, pai0; struct res_target q, q2; name = va_arg(ap, char *); @@ -1844,6 +1844,16 @@ _dns_getaddrinfo(rv, cb_data, ap) memset(&q2, 0, sizeof(q2)); memset(&sentinel, 0, sizeof(sentinel)); cur = &sentinel; + + if ((_res.options & RES_INIT) == 0 && res_init() == -1) { + h_errno = NETDB_INTERNAL; + return NS_NOTFOUND; + } + if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) { + pai0 = *pai; + pai0.ai_family = AF_INET; + pai = &pai0; + } buf = malloc(sizeof(*buf)); if (!buf) { Index: lib/libc/net/name6.c diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c --- lib/libc/net/name6.c.orig Fri Feb 27 21:51:48 2004 +++ lib/libc/net/name6.c Thu Mar 18 02:13:45 2004 @@ -1718,6 +1718,13 @@ _dns_ghbyname(void *rval, void *cb_data, af = va_arg(ap, int); errp = va_arg(ap, int *); + if ((_res.options & RES_INIT) == 0 && res_init() == -1) { + *errp = NETDB_INTERNAL; + return NS_NOTFOUND; + } + if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC) + af = AF_INET; + #ifdef INET6 switch (af) { case AF_UNSPEC: Index: lib/libc/net/res_init.c diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c --- lib/libc/net/res_init.c.orig Fri Feb 27 21:51:49 2004 +++ lib/libc/net/res_init.c Thu Mar 18 02:05:04 2004 @@ -580,8 +580,10 @@ res_setoptions(options, source) _res.options |= RES_INSECURE2; } else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) { _res.options |= RES_NOTLDQUERY; + } else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) { + _res.options |= RES_NOAAAAQUERY; } else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) { - _res.options |= RES_USE_EDNS0; + _res.options |= RES_USE_EDNS0; } else { /* XXX - print a warning here? */ } Index: share/man/man5/resolver.5 diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5 --- share/man/man5/resolver.5.orig Mon Dec 8 22:43:20 2003 +++ share/man/man5/resolver.5 Wed Mar 17 19:36:17 2004 @@ -125,7 +125,7 @@ .Sy option is one of the following: .Pp -.Bl -tag -width no_tld_query +.Bl -tag -width no_aaaa_query .It Sy debug sets .Dv RES_DEBUG @@ -168,6 +168,12 @@ and .Sy search rules with the given name. +.It Sy no_aaaa_query +tells the resolver not to attempt to qurey an AAAA record. There are +some name servers which return NXDOMAIN against an AAAA query in the +world. Though the behavior is a bug, this option prevent IPv4 users +from this problem. Specifying this option is not recommended. Please +report to a maintainer of a broken name server, instead. .El .Pp Options may also be specified as a space or tab separated list using the --Multipart_Thu_Mar_18_03:07:49_2004-1 Content-Type: text/plain; charset=US-ASCII -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ --Multipart_Thu_Mar_18_03:07:49_2004-1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yge65d3e496.wl%ume>