resolver does not (always) try A record after query for AAAA returns NXDOMAIN
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| glibc (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
My laptop is an Ubuntu Intrepid system with IPv6 enabled, which I use regularly without problems. Recently, however, the glibc resolver has been acting strangely after one of my network environments installed the powerdns DNS server.
Contents of /etc/resolv.conf (from DHCP):
---
domain company.local
search company.local
nameserver 10.0.0.1
---
Resolving queries fails on my laptop if I use fully qualified names for which the powerdns server is authoritative:
# getent hosts host001.
[timeout]
But if I just use relative names:
# getent hosts host001
10.0.0.2 host001.
If I try resolving a server for which the powerdns server is *not* authoritative:
# getent hosts www.xs4all.nl.
194.109.6.92 www.xs4all.nl
I think I have traced the problem to the fact that powerdns replies with "no such domain" when queried for a name for which an AAAA record does not exist. Bind will just reply with an empty result. Apparently, the glibc resolver will retry for an A records only if the name to be resolved is not fully qualified!?
I have attached a tcpdump from the DNS traffic resulting from the above commands.
Ubuntu 8.10
libc6 2.8~20080505-
powerdns 3.1.7
| Joost Cassee (jcassee) wrote | #1 |
| Joost Cassee (jcassee) wrote | #2 |
| Joost Cassee (jcassee) wrote | #3 |
| Kjetil Torgrim Homme (kjetilho) wrote | #4 |
several strange things here. the first command should not hang. how long does it hang? two minutes?
the second command should not return an answer. if the DNS server answers with an authoritative NXDOMAIN, there is no reason to ask for an A record.
(btw, you should use getaddrinfo(3) rather than the deprecated gethostbyname(3) to do host lookups. in other words, getent ahosts, not getent hosts.)
PS. it was kind of pointless to obfuscate the names, since they are visible in the packet dumps. this only makes it harder to read your error description.