Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 18 Mar 2004 03:07:49 +0900
From:      Hajimu UMEMOTO <ume@FreeBSD.org>
To:        Mark Andrews <Mark_Andrews@isc.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ftp.perl.org strangeness 
Message-ID:  <yge65d3e496.wl%ume@FreeBSD.org>
In-Reply-To: <200403170415.i2H4F5qW093872@drugs.dv.isc.org>
References:  <255A839665EA24408EB27A6AAE15518EAC1D@europa.ad.hartbrothers.com> <200403170415.i2H4F5qW093872@drugs.dv.isc.org>

next in thread | previous in thread | raw e-mail | index | archive | help
--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/plain; charset=US-ASCII

Hi,

>>>>> On Wed, 17 Mar 2004 15:15:05 +1100
>>>>> Mark Andrews <Mark_Andrews@isc.org> said:

> That thread might lead one to believe that destination address
> selection in -CURRENT would give the described behavior, but
> I'm not so sure.  Destination address selection comes into
> play after you have resolved names to addresses.  My guess is
> even with IPv4 destination addresses preferred in
> /etc/ip6addrctl.conf the resolver will still query for both
> AAAA and A records when the client is IPv6-enabled.  If the
> AAAA query comes first and a bork load balancer returns
> NXDOMAIN, the negative response will likely be cached and
> result in the subsequent A query failing as well, meaning no
> IPv4 address to prefer.

As you see, the destination address selection isn't a solution for
broken name server.  But, it solves a problem during connect for IPv4
only users.

Mark_Andrews> 	This issue really gets blown out of proportion.  You have
Mark_Andrews> 	a couple of *broken* nameservers worldwide. There really
Mark_Andrews> 	are not a lot of them, they just happen to be high profile
Mark_Andrews> 	servers.

Mark_Andrews> 	When you find one, report it.  If people did this originally
Mark_Andrews> 	rather than hacking software to work around the brokeness
Mark_Andrews> 	there wouldn't be a problem now.

Yes, actually.  However I'm tired enough to hear this issue.  Though I
don't like to make a patch for this issue, I don't like to hear a
problem about IPv6 related issue from IPv4 only users.  So, I made a
patch to add no_aaaa_quesy to resolver option.  With this option,
getaddrinfo() and getipnodebyname() do A query against AF_UNSPEC.  The
former is for 4-STABLE and the latter is for 5-CURRENT.  If there is
no objection, I'll commit it.

Sincerely,

--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="resolver-no-aaaa-4s.diff"
Content-Transfer-Encoding: 7bit

Index: include/resolv.h
diff -u include/resolv.h.orig include/resolv.h
--- include/resolv.h.orig	Sat Jun 16 07:08:26 2001
+++ include/resolv.h	Thu Mar 18 02:40:25 2004
@@ -150,6 +150,7 @@
 #define	RES_NOALIASES	0x00001000	/* shuts off HOSTALIASES feature */
 #define	RES_USE_INET6	0x00002000	/* use/map IPv6 in gethostbyname() */
 #define	RES_NOTLDQUERY	0x00004000	/* Don't query TLD names */
+#define	RES_NOAAAAQUERY	0x08000000	/* Don't query AAAA implicitly */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define	RES_USE_EDNS0	0x40000000	/* use EDNS0 */
 
Index: lib/libc/net/getaddrinfo.c
diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c
--- lib/libc/net/getaddrinfo.c.orig	Thu Mar 18 02:32:50 2004
+++ lib/libc/net/getaddrinfo.c	Thu Mar 18 02:36:15 2004
@@ -1494,13 +1494,23 @@ _dns_getaddrinfo(pai, hostname, res)
 	struct addrinfo *ai;
 	querybuf *buf, *buf2;
 	const char *name;
-	struct addrinfo sentinel, *cur;
+ 	struct addrinfo sentinel, *cur, pai0;
 	struct res_target q, q2;
 
 	memset(&q, 0, sizeof(q2));
 	memset(&q2, 0, sizeof(q2));
 	memset(&sentinel, 0, sizeof(sentinel));
 	cur = &sentinel;
+
+	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+		h_errno = NETDB_INTERNAL;
+		return EAI_FAIL;
+	}
+	if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) {
+		pai0 = *pai;
+		pai0.ai_family = AF_INET;
+		pai = &pai0;
+	}
 
 	buf = malloc(sizeof(*buf));
 	if (!buf) {
Index: lib/libc/net/name6.c
diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c
--- lib/libc/net/name6.c.orig	Sun Nov  3 03:54:57 2002
+++ lib/libc/net/name6.c	Thu Mar 18 02:51:50 2004
@@ -1573,6 +1573,15 @@ _dns_ghbyaddr(const void *addr, int addr
 	char *tld4[] = { "in-addr.arpa", NULL };
 	char **tld;
 
+	if ((_res.options & RES_INIT) == 0) {
+		if (res_init() < 0) {
+			*errp = h_errno;
+			return NULL;
+		}
+	}
+	if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC)
+		af = AF_INET;
+
 #ifdef INET6
 	/* XXX */
 	if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)addr))
@@ -1592,12 +1601,6 @@ _dns_ghbyaddr(const void *addr, int addr
 		return NULL;
 	}
 
-	if ((_res.options & RES_INIT) == 0) {
-		if (res_init() < 0) {
-			*errp = h_errno;
-			return NULL;
-		}
-	}
 	memset(&hbuf, 0, sizeof(hbuf));
 	hbuf.h_name = NULL;
 	hbuf.h_addrtype = af;
Index: lib/libc/net/res_init.c
diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c
--- lib/libc/net/res_init.c.orig	Tue Feb  5 03:30:55 2002
+++ lib/libc/net/res_init.c	Thu Mar 18 02:33:55 2004
@@ -539,8 +539,10 @@ res_setoptions(options, source)
 		       _res.options |= RES_INSECURE2;
 		} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
 			_res.options |= RES_NOTLDQUERY;
+		} else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) {
+			_res.options |= RES_NOAAAAQUERY;
 		} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
-		       _res.options |= RES_USE_EDNS0;
+			_res.options |= RES_USE_EDNS0;
 		} else {
 			/* XXX - print a warning here? */
 		}
Index: share/man/man5/resolver.5
diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5
--- share/man/man5/resolver.5.orig	Fri Aug 17 22:08:47 2001
+++ share/man/man5/resolver.5	Thu Mar 18 02:33:55 2004
@@ -125,7 +125,7 @@
 .Sy option
 is one of the following:
 .Pp
-.Bl -tag -width no_tld_query
+.Bl -tag -width no_aaaa_query
 .It Sy debug
 sets
 .Dv RES_DEBUG
@@ -154,6 +154,12 @@
 and
 .Sy search
 rules with the given name.
+.It Sy no_aaaa_query
+tells the resolver not to attempt to qurey an AAAA record.  There are
+some name servers which return NXDOMAIN against an AAAA query in the
+world.  Though the behavior is a bug, this option prevent IPv4 users
+from this problem.  Specifying this option is not recommended.  Please
+report to a maintainer of a broken name server, instead.
 .El
 .Pp
 Options may also be specified as a space or tab separated list using the

--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="resolver-no-aaaa.diff"
Content-Transfer-Encoding: 7bit

Index: include/resolv.h
diff -u include/resolv.h.orig include/resolv.h
--- include/resolv.h.orig	Fri Feb 27 21:51:36 2004
+++ include/resolv.h	Wed Mar 17 15:59:06 2004
@@ -152,6 +152,7 @@
 #define	RES_NOALIASES	0x00001000	/* shuts off HOSTALIASES feature */
 #define	RES_USE_INET6	0x00002000	/* use/map IPv6 in gethostbyname() */
 #define	RES_NOTLDQUERY	0x00004000	/* Don't query TLD names */
+#define	RES_NOAAAAQUERY	0x08000000	/* Don't query AAAA implicitly */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define	RES_USE_EDNS0	0x40000000	/* use EDNS0 */
 
Index: lib/libc/net/getaddrinfo.c
diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c
--- lib/libc/net/getaddrinfo.c.orig	Thu Feb 26 06:03:45 2004
+++ lib/libc/net/getaddrinfo.c	Thu Mar 18 02:14:50 2004
@@ -1834,7 +1834,7 @@ _dns_getaddrinfo(rv, cb_data, ap)
 	querybuf *buf, *buf2;
 	const char *name;
 	const struct addrinfo *pai;
-	struct addrinfo sentinel, *cur;
+	struct addrinfo sentinel, *cur, pai0;
 	struct res_target q, q2;
 
 	name = va_arg(ap, char *);
@@ -1844,6 +1844,16 @@ _dns_getaddrinfo(rv, cb_data, ap)
 	memset(&q2, 0, sizeof(q2));
 	memset(&sentinel, 0, sizeof(sentinel));
 	cur = &sentinel;
+
+	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+		h_errno = NETDB_INTERNAL;
+		return NS_NOTFOUND;
+	}
+	if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) {
+		pai0 = *pai;
+		pai0.ai_family = AF_INET;
+		pai = &pai0;
+	}
 
 	buf = malloc(sizeof(*buf));
 	if (!buf) {
Index: lib/libc/net/name6.c
diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c
--- lib/libc/net/name6.c.orig	Fri Feb 27 21:51:48 2004
+++ lib/libc/net/name6.c	Thu Mar 18 02:13:45 2004
@@ -1718,6 +1718,13 @@ _dns_ghbyname(void *rval, void *cb_data,
 	af = va_arg(ap, int);
 	errp = va_arg(ap, int *);
 
+	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+		*errp = NETDB_INTERNAL;
+		return NS_NOTFOUND;
+	}
+	if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC)
+		af = AF_INET;
+
 #ifdef INET6
 	switch (af) {
 	case AF_UNSPEC:
Index: lib/libc/net/res_init.c
diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c
--- lib/libc/net/res_init.c.orig	Fri Feb 27 21:51:49 2004
+++ lib/libc/net/res_init.c	Thu Mar 18 02:05:04 2004
@@ -580,8 +580,10 @@ res_setoptions(options, source)
 		       _res.options |= RES_INSECURE2;
 		} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
 			_res.options |= RES_NOTLDQUERY;
+		} else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) {
+			_res.options |= RES_NOAAAAQUERY;
 		} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
-		       _res.options |= RES_USE_EDNS0;
+			_res.options |= RES_USE_EDNS0;
 		} else {
 			/* XXX - print a warning here? */
 		}
Index: share/man/man5/resolver.5
diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5
--- share/man/man5/resolver.5.orig	Mon Dec  8 22:43:20 2003
+++ share/man/man5/resolver.5	Wed Mar 17 19:36:17 2004
@@ -125,7 +125,7 @@
 .Sy option
 is one of the following:
 .Pp
-.Bl -tag -width no_tld_query
+.Bl -tag -width no_aaaa_query
 .It Sy debug
 sets
 .Dv RES_DEBUG
@@ -168,6 +168,12 @@
 and
 .Sy search
 rules with the given name.
+.It Sy no_aaaa_query
+tells the resolver not to attempt to qurey an AAAA record.  There are
+some name servers which return NXDOMAIN against an AAAA query in the
+world.  Though the behavior is a bug, this option prevent IPv4 users
+from this problem.  Specifying this option is not recommended.  Please
+report to a maintainer of a broken name server, instead.
 .El
 .Pp
 Options may also be specified as a space or tab separated list using the

--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/plain; charset=US-ASCII

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

--Multipart_Thu_Mar_18_03:07:49_2004-1--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yge65d3e496.wl%ume>