Ubuntu 17.10 - DNS query via TCP not working
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
dnscrypt-proxy (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
TL;DR: it seems like "ping/wget" etc. dislike a truncated UDP DNS reply and report "Temporary failure in name resolution" instead of falling back to the TCP protocol...
https:/
I'm using DNSCrypt-proxy running at 127.0.2.1:53
me@nb:~$ cat /etc/resolv.conf
nameserver 127.0.2.1
me@nb:~$ nslookup ya.ru
Server: 127.0.2.1
Address: 127.0.2.1#53
Non-authoritative answer:
Name: ya.ru
Address: 87.250.250.242
me@nb:~$ ping ya.ru
PING ya.ru (87.250.250.242) 56(84) bytes of data.
64 bytes from ya.ru (87.250.250.242): icmp_seq=1 ttl=50 time=31.3 ms
^C
--- ya.ru ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 31.320/
Now I'm setting TCPOnly on in /etc/dnscrypt-
me@nb:~$ sudo service dnscrypt-proxy restart
me@nb:~$ nslookup ya.ru
;; Truncated, retrying in TCP mode.
Server: 127.0.2.1
Address: 127.0.2.1#53
Non-authoritative answer:
Name: ya.ru
Address: 87.250.250.242
me@nb:~$ ping ya.ru
ping: ya.ru: Temporary failure in name resolution
Is it possible to serve DNS over UDP but communicate between DNSCrypt proxy and DNSCrypt server over TCP?
affects: | resolvconf (Ubuntu) → dnscrypt-proxy (Ubuntu) |
I think this is NOT a dnscrypt-proxy problem but a getHostByName implementation issue, since it MUST send a DNS-over-TCP request after a truncated UDP reply:
"
A resolver SHOULD send a UDP
query first, but MAY elect to send a TCP query instead if it has good
reason to expect the response would be truncated if it were sent over
UDP (with or without EDNS0) or for other operational reasons, in
particular, if it already has an open TCP connection to the server."
https://tools.ietf.org/html/rfc5966#section-4