Date: Wed, 04 Oct 2017 20:39:48 +0000 From: Srinivasa Raghavan <raghav135@...il.com> To: musl@...ts.openwall.com Subject: Re: DNS resolution happenning only after timeout Hi Rich, Thanks for your time and reply. Will try to get the dns fixed. Kind Regards, R. Srinivasa Raghavan. On Thu, 5 Oct 2017 at 1:49 AM, Rich Felker <dalias@...c.org> wrote: > On Wed, Oct 04, 2017 at 07:28:35PM +0000, Srinivasa Raghavan wrote: > > Hi Markus, > > > > Thanks for the reply. > > > > The problem is not only in nslookup, it is there in ping, tracert, curl, > > node.js, wget etc. :( > > > > I will debug and find the exact c api that is used for each of the > > scenarios. > > > > I am just wondering if there is any workaround ? > > > > Lot of folks are facing this issue (slow dns name resolution in alpine > > linux, with some dns servers) , and this may be the root cause? > > musl does not have any way to suppress applications' requests for IPv6 > lookups. In theory if an application used the AI_ADDRCONF option to > request "only give IPv6 results if IPv6 is supported" we could do it, > but there are multiple reasons this hasn't been implemented including > ambiguity as to how exactly it should behave, and I doubt it would > help anyway since most applications don't use this option. > > From the info you've provided so far, my best guess is that you have a > buggy nameserver that either stalls or replies with a non-conclusive > message like ServFail when it receives an AAAA query. If this is the > case, there are a few possible fixes or workarounds you could try: > > 1. If the nameserver is on a device under your control, see if there's > an upgrade/patch to fix the issue. > > 2. Switch to a different nameserver without the bug like the public > Google ones at 126.96.36.199 etc. > > 3. Run your own caching/proxy nameserver on localhost and configure it > to reply NxDomain (does not exist) for all AAAA lookups. > > 4. Use iptables to catch DNS query packets for AAAA records and > redirect them to a dummy server that just always replies with > NxDomain. > > Without knowing more about your environment I can't really guess which > ones of these options, if any, might be practical for you but > hopefully at least one is. > > Rich > > > > > On Wed, 4 Oct 2017 at 10:16 PM, Markus Wichmann <nullplan@....net> > wrote: > > > > > On Wed, Oct 04, 2017 at 07:18:10PM +0530, Srinivasa Raghavan wrote: > > > > Hi Rich, > > > > > > > > Thanks for the reply. > > > > > > > > Some updates: > > > > 1. Our DNS server is "Infoblox appliance". > > > > 2. When we had a delay, we found that there was a "AAAA" query along > with > > > > "A" query. > > > > > > > > I did further debugging with "tcpdump" and able to narrow down on the > > > > difference in behavior between "debian" and "alpine" images. > > > > > > > > In debian: > > > > If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 = 1) > > > > Then the "nslookup" (or name resolution) does *not* do a "AAAA" query > > > > > > > > > > That's probably because glibc's DNS resolver only generates AAAA > queries > > > if it can create an IPv6 socket. > > > > > > > In alpine: > > > > If ipv6 is disabled (net.ipv6.conf.default.disable_ipv6 = 1) > > > > Then the "nslookup" (or name resolution) does an "AAAA" query along > with > > > > "A" query > > > > > > > > Is this intentional? > > > > > > > > Also, I was wondering if there was any way to disable AAAA query in > name > > > > resolution? > > > > > > > > > > There does not appear to be a way without changing code. In musl, the > > > function name_from_dns() will always generate both the AAAA and the A > > > query unless "family" is explicitly set to one of the address families. > > > No input from resolv.conf or similar is used for this. And "family" > > > comes directly from the caller, i.e. nslookup. You'd have to change the > > > nslookup code to only ask for IPv4 addresses. > > > > > > > Kind Regards, > > > > Srinivasa Raghavan. > > > > > > Ciao, > > > Markus > > > > Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.