Date: Thu, 18 Mar 2004 03:07:49 +0900 From: Hajimu UMEMOTO <ume@FreeBSD.org> To: Mark Andrews <Mark_Andrews@isc.org> Cc: freebsd-stable@freebsd.org Subject: Re: ftp.perl.org strangeness Message-ID: <yge65d3e496.wl%ume@FreeBSD.org> In-Reply-To: <200403170415.i2H4F5qW093872@drugs.dv.isc.org> References: <255A839665EA24408EB27A6AAE15518EAC1D@europa.ad.hartbrothers.com> <200403170415.i2H4F5qW093872@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/plain; charset=US-ASCII
Hi,
>>>>> On Wed, 17 Mar 2004 15:15:05 +1100
>>>>> Mark Andrews <Mark_Andrews@isc.org> said:
> That thread might lead one to believe that destination address
> selection in -CURRENT would give the described behavior, but
> I'm not so sure. Destination address selection comes into
> play after you have resolved names to addresses. My guess is
> even with IPv4 destination addresses preferred in
> /etc/ip6addrctl.conf the resolver will still query for both
> AAAA and A records when the client is IPv6-enabled. If the
> AAAA query comes first and a bork load balancer returns
> NXDOMAIN, the negative response will likely be cached and
> result in the subsequent A query failing as well, meaning no
> IPv4 address to prefer.
As you see, the destination address selection isn't a solution for
broken name server. But, it solves a problem during connect for IPv4
only users.
Mark_Andrews> This issue really gets blown out of proportion. You have
Mark_Andrews> a couple of *broken* nameservers worldwide. There really
Mark_Andrews> are not a lot of them, they just happen to be high profile
Mark_Andrews> servers.
Mark_Andrews> When you find one, report it. If people did this originally
Mark_Andrews> rather than hacking software to work around the brokeness
Mark_Andrews> there wouldn't be a problem now.
Yes, actually. However I'm tired enough to hear this issue. Though I
don't like to make a patch for this issue, I don't like to hear a
problem about IPv6 related issue from IPv4 only users. So, I made a
patch to add no_aaaa_quesy to resolver option. With this option,
getaddrinfo() and getipnodebyname() do A query against AF_UNSPEC. The
former is for 4-STABLE and the latter is for 5-CURRENT. If there is
no objection, I'll commit it.
Sincerely,
--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="resolver-no-aaaa-4s.diff"
Content-Transfer-Encoding: 7bit
Index: include/resolv.h
diff -u include/resolv.h.orig include/resolv.h
--- include/resolv.h.orig Sat Jun 16 07:08:26 2001
+++ include/resolv.h Thu Mar 18 02:40:25 2004
@@ -150,6 +150,7 @@
#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
#define RES_NOTLDQUERY 0x00004000 /* Don't query TLD names */
+#define RES_NOAAAAQUERY 0x08000000 /* Don't query AAAA implicitly */
/* KAME extensions: use higher bit to avoid conflict with ISC use */
#define RES_USE_EDNS0 0x40000000 /* use EDNS0 */
Index: lib/libc/net/getaddrinfo.c
diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c
--- lib/libc/net/getaddrinfo.c.orig Thu Mar 18 02:32:50 2004
+++ lib/libc/net/getaddrinfo.c Thu Mar 18 02:36:15 2004
@@ -1494,13 +1494,23 @@ _dns_getaddrinfo(pai, hostname, res)
struct addrinfo *ai;
querybuf *buf, *buf2;
const char *name;
- struct addrinfo sentinel, *cur;
+ struct addrinfo sentinel, *cur, pai0;
struct res_target q, q2;
memset(&q, 0, sizeof(q2));
memset(&q2, 0, sizeof(q2));
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
+
+ if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+ h_errno = NETDB_INTERNAL;
+ return EAI_FAIL;
+ }
+ if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) {
+ pai0 = *pai;
+ pai0.ai_family = AF_INET;
+ pai = &pai0;
+ }
buf = malloc(sizeof(*buf));
if (!buf) {
Index: lib/libc/net/name6.c
diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c
--- lib/libc/net/name6.c.orig Sun Nov 3 03:54:57 2002
+++ lib/libc/net/name6.c Thu Mar 18 02:51:50 2004
@@ -1573,6 +1573,15 @@ _dns_ghbyaddr(const void *addr, int addr
char *tld4[] = { "in-addr.arpa", NULL };
char **tld;
+ if ((_res.options & RES_INIT) == 0) {
+ if (res_init() < 0) {
+ *errp = h_errno;
+ return NULL;
+ }
+ }
+ if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC)
+ af = AF_INET;
+
#ifdef INET6
/* XXX */
if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)addr))
@@ -1592,12 +1601,6 @@ _dns_ghbyaddr(const void *addr, int addr
return NULL;
}
- if ((_res.options & RES_INIT) == 0) {
- if (res_init() < 0) {
- *errp = h_errno;
- return NULL;
- }
- }
memset(&hbuf, 0, sizeof(hbuf));
hbuf.h_name = NULL;
hbuf.h_addrtype = af;
Index: lib/libc/net/res_init.c
diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c
--- lib/libc/net/res_init.c.orig Tue Feb 5 03:30:55 2002
+++ lib/libc/net/res_init.c Thu Mar 18 02:33:55 2004
@@ -539,8 +539,10 @@ res_setoptions(options, source)
_res.options |= RES_INSECURE2;
} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
_res.options |= RES_NOTLDQUERY;
+ } else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) {
+ _res.options |= RES_NOAAAAQUERY;
} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
- _res.options |= RES_USE_EDNS0;
+ _res.options |= RES_USE_EDNS0;
} else {
/* XXX - print a warning here? */
}
Index: share/man/man5/resolver.5
diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5
--- share/man/man5/resolver.5.orig Fri Aug 17 22:08:47 2001
+++ share/man/man5/resolver.5 Thu Mar 18 02:33:55 2004
@@ -125,7 +125,7 @@
.Sy option
is one of the following:
.Pp
-.Bl -tag -width no_tld_query
+.Bl -tag -width no_aaaa_query
.It Sy debug
sets
.Dv RES_DEBUG
@@ -154,6 +154,12 @@
and
.Sy search
rules with the given name.
+.It Sy no_aaaa_query
+tells the resolver not to attempt to qurey an AAAA record. There are
+some name servers which return NXDOMAIN against an AAAA query in the
+world. Though the behavior is a bug, this option prevent IPv4 users
+from this problem. Specifying this option is not recommended. Please
+report to a maintainer of a broken name server, instead.
.El
.Pp
Options may also be specified as a space or tab separated list using the
--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="resolver-no-aaaa.diff"
Content-Transfer-Encoding: 7bit
Index: include/resolv.h
diff -u include/resolv.h.orig include/resolv.h
--- include/resolv.h.orig Fri Feb 27 21:51:36 2004
+++ include/resolv.h Wed Mar 17 15:59:06 2004
@@ -152,6 +152,7 @@
#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
#define RES_NOTLDQUERY 0x00004000 /* Don't query TLD names */
+#define RES_NOAAAAQUERY 0x08000000 /* Don't query AAAA implicitly */
/* KAME extensions: use higher bit to avoid conflict with ISC use */
#define RES_USE_EDNS0 0x40000000 /* use EDNS0 */
Index: lib/libc/net/getaddrinfo.c
diff -u -p lib/libc/net/getaddrinfo.c.orig lib/libc/net/getaddrinfo.c
--- lib/libc/net/getaddrinfo.c.orig Thu Feb 26 06:03:45 2004
+++ lib/libc/net/getaddrinfo.c Thu Mar 18 02:14:50 2004
@@ -1834,7 +1834,7 @@ _dns_getaddrinfo(rv, cb_data, ap)
querybuf *buf, *buf2;
const char *name;
const struct addrinfo *pai;
- struct addrinfo sentinel, *cur;
+ struct addrinfo sentinel, *cur, pai0;
struct res_target q, q2;
name = va_arg(ap, char *);
@@ -1844,6 +1844,16 @@ _dns_getaddrinfo(rv, cb_data, ap)
memset(&q2, 0, sizeof(q2));
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
+
+ if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+ h_errno = NETDB_INTERNAL;
+ return NS_NOTFOUND;
+ }
+ if ((_res.options & RES_NOAAAAQUERY) && pai->ai_family == AF_UNSPEC) {
+ pai0 = *pai;
+ pai0.ai_family = AF_INET;
+ pai = &pai0;
+ }
buf = malloc(sizeof(*buf));
if (!buf) {
Index: lib/libc/net/name6.c
diff -u -p lib/libc/net/name6.c.orig lib/libc/net/name6.c
--- lib/libc/net/name6.c.orig Fri Feb 27 21:51:48 2004
+++ lib/libc/net/name6.c Thu Mar 18 02:13:45 2004
@@ -1718,6 +1718,13 @@ _dns_ghbyname(void *rval, void *cb_data,
af = va_arg(ap, int);
errp = va_arg(ap, int *);
+ if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+ *errp = NETDB_INTERNAL;
+ return NS_NOTFOUND;
+ }
+ if ((_res.options & RES_NOAAAAQUERY) && af == AF_UNSPEC)
+ af = AF_INET;
+
#ifdef INET6
switch (af) {
case AF_UNSPEC:
Index: lib/libc/net/res_init.c
diff -u -p lib/libc/net/res_init.c.orig lib/libc/net/res_init.c
--- lib/libc/net/res_init.c.orig Fri Feb 27 21:51:49 2004
+++ lib/libc/net/res_init.c Thu Mar 18 02:05:04 2004
@@ -580,8 +580,10 @@ res_setoptions(options, source)
_res.options |= RES_INSECURE2;
} else if (!strncmp(cp, "no_tld_query", sizeof("no_tld_query") - 1)) {
_res.options |= RES_NOTLDQUERY;
+ } else if (!strncmp(cp, "no_aaaa_query", sizeof("no_aaaa_query") - 1)) {
+ _res.options |= RES_NOAAAAQUERY;
} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
- _res.options |= RES_USE_EDNS0;
+ _res.options |= RES_USE_EDNS0;
} else {
/* XXX - print a warning here? */
}
Index: share/man/man5/resolver.5
diff -u share/man/man5/resolver.5.orig share/man/man5/resolver.5
--- share/man/man5/resolver.5.orig Mon Dec 8 22:43:20 2003
+++ share/man/man5/resolver.5 Wed Mar 17 19:36:17 2004
@@ -125,7 +125,7 @@
.Sy option
is one of the following:
.Pp
-.Bl -tag -width no_tld_query
+.Bl -tag -width no_aaaa_query
.It Sy debug
sets
.Dv RES_DEBUG
@@ -168,6 +168,12 @@
and
.Sy search
rules with the given name.
+.It Sy no_aaaa_query
+tells the resolver not to attempt to qurey an AAAA record. There are
+some name servers which return NXDOMAIN against an AAAA query in the
+world. Though the behavior is a bug, this option prevent IPv4 users
+from this problem. Specifying this option is not recommended. Please
+report to a maintainer of a broken name server, instead.
.El
.Pp
Options may also be specified as a space or tab separated list using the
--Multipart_Thu_Mar_18_03:07:49_2004-1
Content-Type: text/plain; charset=US-ASCII
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
--Multipart_Thu_Mar_18_03:07:49_2004-1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yge65d3e496.wl%ume>