Date:      Tue, 23 Sep 2008 13:15:24 -0700 (PDT)
From:      "Eugene M. Kim" <20080111.freebsd.org@ab.ote.we.lv>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   bin/127591: [PATCH] [libc/net] spurious warning against DNAME RRs in getaddrinfo() and gethostby*()
Message-ID:  <200809232015.m8NKFO1b035318@purple.the-7.net>
Resent-Message-ID: <200809232020.m8NKK1ce095074@freefall.freebsd.org>


>Number:         127591
>Category:       bin
>Synopsis:       [PATCH] [libc/net] spurious warning against DNAME RRs in getaddrinfo() and gethostby*()
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 23 20:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Eugene M. Kim
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD purple.the-7.net 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Wed Sep 10 17:25:31 PDT 2008 ab@purple.the-7.net:/home/FreeBSD/build/RELENG_7/obj/home/FreeBSD/build/RELENG_7/src/sys/PURPLE i386

>Description:

DNS DNAME RRs (as defined in RFC 2672) provide a mechanism for
non-terminal name redirection.  For example, www.the-7.com does not
exist in DNS but the-7.com has a DNAME alias to the-7.net; looking up
www.the-7.com for an A record would return:

$ dig www.the-7.com IN A +noall +answer

; <<>> DiG 9.4.2-P1 <<>> www.the-7.com IN A +noall +answer
;; global options:  printcmd
the-7.com.		300	IN	DNAME	the-7.net.
www.the-7.com.		0	IN	CNAME	www.the-7.net.
www.the-7.net.		300	IN	CNAME	purple.the-7.net.
purple.the-7.net.	300	IN	A	64.71.156.34
$ 

(The nameserver, upon receiving a request that matches a DNAME,
returns the DNAME and a synthesized CNAME.)

When src/libc/net/{getaddrinfo,gethostbydns}.c examine this result,
they see the DNAME record and emit a warning over auth.notice syslog,
which shows up in /var/log/messages and /var/log/auth.log by default.

These warnings are benign (as the server returns a synthesized CNAME
that correctly leads to the targeted name), but on a heavily loaded
server they add up quickly and bloat the log size.

>How-To-Repeat:

$ /sbin/ping www.the-7.com
...
^C
$ fgrep 'www.the-7.com' /var/log/messages | tail -1
Sep 23 12:18:43 purple ping: gethostby*.gethostanswer: asked for "www.the-7.com IN A", got type "DNAME"
$ 

>Fix:

$ patch -d /usr/src << 'ENDEND'
--- -	2008-09-23 12:53:26.119657584 -0700
+++ lib/libc/net/getaddrinfo.c	2008-09-23 12:23:00.143769940 -0700
@@ -1884,7 +1884,7 @@
 			}
 		} else if (type != qtype) {
 #ifdef DEBUG
-			if (type != T_KEY && type != T_SIG)
+			if (type != T_KEY && type != T_SIG && type != ns_t_dname)
 				syslog(LOG_NOTICE|LOG_AUTH,
 	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
 				       qname, p_class(C_IN), p_type(qtype),
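Review bot: the new `type != ns_t_dname` test sits under `#ifdef DEBUG`, so in getaddrinfo.c it only changes what a debug build logs, while the log line shown in How-To-Repeat is the gethostanswer message from gethostbydns.c; the report should say so, so that nobody expects this hunk to quiet a normal build. The condition also mixes the T_KEY/T_SIG spelling with an ns_t_ name on one line; keep one style if the headers allow it, and add a short comment that a DNAME is expected here because the answer also carries the synthesized CNAME (RFC 2672).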
--- -	2008-09-23 12:53:45.223733999 -0700
+++ lib/libc/net/gethostbydns.c	2008-09-23 12:22:03.243899560 -0700
@@ -294,7 +294,7 @@
 			continue;
 		}
 		if (type != qtype) {
-			if (type != T_SIG)
+			if (type != T_SIG && type != ns_t_dname)
 				syslog(LOG_NOTICE|LOG_AUTH,
 	"gethostby*.gethostanswer: asked for \"%s %s %s\", got type \"%s\"",
 				       qname, p_class(C_IN), p_type(qtype),
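Review bot: the exemption list at `if (type != T_SIG && type != ns_t_dname)` now differs from the one in the getaddrinfo.c hunk, which also skips T_KEY; either align the two lists or state why they differ. This notice goes to LOG_AUTH unconditionally, so the line deserves a one-line comment explaining that a DNAME is accompanied by a synthesized CNAME and is therefore not an unexpected answer type.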
ENDEND
>Release-Note:
>Audit-Trail:
>Unformatted:
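
The synthesized CNAME in the dig output above follows from the DNAME by suffix substitution (RFC 2672). The sketch below is an added example, not part of the original report and not FreeBSD libc code; the function name `dname_substitute` is hypothetical, and it assumes presentation-format names without a trailing dot, no escaped dots, and no check of the 255-octet name limit.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Added example: RFC 2672 DNAME substitution.
 * If qname is a proper subdomain of owner, replace the owner suffix with
 * target and write the resulting CNAME target into out.
 * Returns 1 on substitution, 0 if the DNAME does not apply to qname,
 * -1 if the result does not fit in out.
 */
int
dname_substitute(const char *qname, const char *owner, const char *target,
    char *out, size_t outlen)
{
	size_t qlen = strlen(qname), olen = strlen(owner);
	size_t plen;
	int n;

	/* A DNAME redirects only names below its owner, never the owner itself. */
	if (qlen <= olen + 1)
		return (0);
	plen = qlen - olen;	/* length of the prefix, including its final dot */
	/* The suffix must match on a label boundary, case-insensitively. */
	if (qname[plen - 1] != '.' || strcasecmp(qname + plen, owner) != 0)
		return (0);
	n = snprintf(out, outlen, "%.*s%s", (int)plen, qname, target);
	if (n < 0 || (size_t)n >= outlen)
		return (-1);
	return (1);
}

int
main(void)
{
	char out[256];

	/* Names taken from the dig output in the report. */
	if (dname_substitute("www.the-7.com", "the-7.com", "the-7.net",
	    out, sizeof(out)) == 1)
		printf("www.the-7.com. 0 IN CNAME %s.\n", out);
	return (0);
}
```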


