Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Sep 2017 12:28:55 +0200
From: Szabolcs Nagy <>
Cc: Srinivasa Raghavan <>
Subject: Re: DNS resolution happenning only after timeout

* Srinivasa Raghavan <> [2017-09-28 15:45:28 +0530]:
> When using "Alpine" docker image which uses musl-libc, we are facing delay
> when we do operations like below in our production environment,
> 1. ping <name>
> 2. nslookup <name>
> 3. traceroute <name>
> 4. http request from node.js

this bug may be related:

> There is a 5 second delay in name resolution, and then the above command
> returns the response. The same problem does not occur in "debian" docker
> image (which uses GNU libc).
> In our case, there is a combination of SERVFAIL, "canonical name" along
> with "Non authoritative answer".
> Some learnings after doing some trial and error:
> 1. If I install "bind-tools" package in alpine, the "nslookup" happens
> without delay.
> 2. If I set "options timout:1" in /etc/resolv.conf , then the name is
> resolved after 1 second (instead of 5 seconds).
> 3. Whatever I change in /etc/resolv.conf (Like setting "domain", "search"),
> there was no benefit.
> 4. output of "host"/"nslookup" command shows "SERVFAIL"
> 5. The problem does not occur if run from the host machine (Not from alpine
> container).
> 6. The problem does not occur if run from another container which uses Gnu
> libc, like "Debian" image.
> Sample command outputs attached for reference.
> Request you to kindly help in debugging / resolution of this.
> Kind Regards,
> R. Srinivasa Raghavan.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.