Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 10 Jul 2022 20:08:47 -0400
From: Rich Felker <dalias@...c.org>
To: Felix Tailor <felix.tailor@...me>
Cc: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: Re: resolv.conf misconfiguration, Round-Robin bug in musl or
 something else?

On Thu, Jul 07, 2022 at 06:16:41PM +0000, Felix Tailor wrote:
> Hello,
> 
> I have encountered an issue when trying to resolve hosts that have
> multiple IPv4 addresses: I get the same IPv4 address for the host. I
> use ping or wget from busybox, which is linked against musl.
> 
> The issue occurs when there are IPv4 and IPv6 nameservers in
> resolv.conf. If I leave only one nameserver (IPv4 or IPv6), I get
> different IPv4 values (Round-Robin) as expected.
> 
> To reproduce this issue:
> 
> 1. Install Docker and enable IPv6: https://docs.docker.com/config/daemon/ipv6/
> 
> 2. Execute:
> 
> 
> docker run --rm -it alpine:3.16.0 sh
> 
> apk add --no-cache dnsmasq
> 
> cat <<EOF >/etc/resolv.conf
> nameserver 127.0.0.1
> nameserver ::1
> EOF
> 
> cat <<EOF >/etc/dnsmasq.conf
> addn-hosts=/etc/addn-hosts
> local=/lan/
> EOF
> 
> cat <<EOF >/etc/addn-hosts
> 127.1.1.1 local.lan
> 127.2.2.2 local.lan
> EOF
> 
> dnsmasq -C /etc/dnsmasq.conf -d &
> 
> i=0; while [ $i -lt 3 ]; do ping -qc1 local.lan; i=$((i+1)); done
> 
> 
> PING local.lan (127.1.1.1) 56(84) bytes of data.
> 
> --- local.lan ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.006/0.006/0.006/0.000 ms
> PING local.lan (127.1.1.1) 56(84) bytes of data.
> 
> --- local.lan ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.004/0.004/0.004/0.000 ms
> PING local.lan (127.1.1.1) 56(84) bytes of data.
> 
> --- local.lan ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.004/0.004/0.004/0.000 ms
> 
> 
> Ping always returns the same IPv4 address, but with nslookup different IPv4 addresses are returned, so Round-Robin seems to work:
> 
> 
> root@...d4fb49d34:/# nslookup local.lan
> Server:		127.0.0.1
> Address:	127.0.0.1#53
> 
> Name:	local.lan
> Address: 127.1.1.1
> Name:	local.lan
> Address: 127.2.2.2
> 
> root@...d4fb49d34:/# nslookup local.lan
> Server:		127.0.0.1
> Address:	127.0.0.1#53
> 
> Name:	local.lan
> Address: 127.2.2.2
> Name:	local.lan
> Address: 127.1.1.1
> 
> root@...d4fb49d34:/# nslookup local.lan
> Server:		127.0.0.1
> Address:	127.0.0.1#53
> 
> Name:	local.lan
> Address: 127.1.1.1
> Name:	local.lan
> Address: 127.2.2.2
> 
> 
> Questions:
> 1. Why is Round-Robin not working with musl for hosts with multiple
> IPv4 addresses when using multiple different IP protocol nameservers
> in resolv.conf?

The round-robin order cycles each time a query is answered, and when
the nameserver is repeated twice, it's queried twice for each call to
the musl stub resolver (both in parallel), and since there are only
two records to round-robin cycle, the square of the 2-cycle is the
identity.

> 2. Is it reasonable to have multiple different IP protocol
> nameservers for localhost in resolv.conf?

No, there is no reason to list more than one address for the same
nameserver unless they correspond to different routes to it, where one
may be down but the other up. Is there a reason you thought you needed
to do this? That may point to some other misconception you should
check out.

> 3. Is replacing the contents of resolv.conf in this example with
> 'nameserver localhost' a viable solution?

No, you cannot use names in place of IP literals here. That would
introduce a circular dependency (on resolving the name).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.