Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Dec 2018 21:31:55 -0800 (PST)
From: Tarun Johar  <tjohar@...alphase.com>
To: musl@...ts.openwall.com
Cc: "Tarun Johar " <tjohar@...alphase.com>
Subject: DNS resolver patch

Hi Team, 

The VirtualBox --natdnsresolver does not support IPv6 AAAA address queries. It returns "NotImp" (code 4) for such queries. 

The MUSL library (https://www.musl-libc.org/) resolver does not recognize this code and retries the query until the timeout. This causes DNS lookups to take several seconds after which they are eventually successful. 

The GLIBC resolver works properly with the same configuration, suggesting that a fix should be made to MUSL to handle the "NotImp" response code. 

The root cause is this section of code in musl/src/network/res_msend.c:149 
/* Only accept positive or negative responses; 
* retry immediately on server failure, and ignore 
* all other codes such as refusal. */ 
switch (answers[next][3] & 15) { 
case 0: 
case 3: 
break; 
case 2: 
if (servfail_retry && servfail_retry--) 
sendto(fd, queries[i], 
qlens[i], MSG_NOSIGNAL, 
(void *)&ns[j], sl); 
default: 
continue; 
} 

If "case 4" is added after "case 3" and before "break", the NotImp code is treated as a positive or negative response and the name resolution loop completes immediately. 

Can the patch for this be included in MUSL 1.1.21 ? 

Thanks, 
Tarun 

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.