Ubuntu
glibc package

DNS lookup fails if there are too many records records (e.g. smtp.googlemail.com)

Bug #327364 reported by Michael Helmling
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: libc6

I have a strange problem with DNS lookups to smtp.googlemail.com (and probably other addresses that have lots of IP records associated to them). This is what happens with the host command:

$ host smtp.googlemail.com
;; Truncated, retrying in TCP mode.
;; Connection to 192.168.178.1#53(192.168.178.1) for smtp.googlemail.com failed: connection refused.

The same happens with dig or nslookup. I verified this with several computers on different DSL connections. With windows, things are a bit different: Most 'normal' programs are able to lookup the address (including telnet), however the windows nslookup also leads an error message. Interestingly, Linux as Windows both are successfull the first time after booting, but then never again.

According to a quick google search, the problem seems to be that the DNS record for smtp.googlemail.com is too big for a single UDP packet. A second problem is that my router (a "FritzBox" from AVM) does not use an alternate TCP connection. Thirdly, linux discards the whole truncated answer, instead of trying to find something useful in the truncated answer. This is possible, as the use of dig +ignore shows:

$ dig +ignore smtp.googlemail.com

; <<>> DiG 9.5.0-P2 <<>> +ignore smtp.googlemail.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39851
;; flags: qr rd ra; QUERY: 1, ANSWER: 25, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp.googlemail.com. IN A

;; ANSWER SECTION:
smtp.googlemail.com. 197 IN CNAME googlemail-smtp.l.google.com.
googlemail-smtp.l.google.com. 300 IN A 209.85.218.97
googlemail-smtp.l.google.com. 300 IN A 209.85.218.98
googlemail-smtp.l.google.com. 300 IN A 209.85.218.99
googlemail-smtp.l.google.com. 300 IN A 209.85.218.100
googlemail-smtp.l.google.com. 300 IN A 209.85.218.101
googlemail-smtp.l.google.com. 300 IN A 209.85.218.102
googlemail-smtp.l.google.com. 300 IN A 209.85.218.103
googlemail-smtp.l.google.com. 300 IN A 209.85.218.104
googlemail-smtp.l.google.com. 300 IN A 209.85.218.105
googlemail-smtp.l.google.com. 300 IN A 209.85.218.106
googlemail-smtp.l.google.com. 300 IN A 209.85.218.107
googlemail-smtp.l.google.com. 300 IN A 209.85.218.108
googlemail-smtp.l.google.com. 300 IN A 209.85.218.109
googlemail-smtp.l.google.com. 300 IN A 209.85.218.110
googlemail-smtp.l.google.com. 300 IN A 209.85.218.111
googlemail-smtp.l.google.com. 300 IN A 209.85.218.112
googlemail-smtp.l.google.com. 300 IN A 209.85.218.113
googlemail-smtp.l.google.com. 300 IN A 209.85.218.114
googlemail-smtp.l.google.com. 300 IN A 209.85.218.115
googlemail-smtp.l.google.com. 300 IN A 209.85.218.116
googlemail-smtp.l.google.com. 300 IN A 209.85.218.117
googlemail-smtp.l.google.com. 300 IN A 209.85.218.118
googlemail-smtp.l.google.com. 300 IN A 209.85.218.119
googlemail-smtp.l.google.com. 300 IN A 209.85.218.120

;; AUTHORITY SECTION:
l.google.com. 64587 IN NS c.l.google.com.
l.google.com. 64587 IN NS d.l.google.com.
l.google.com. 64587 IN NS e.l.google.com.

;; Query time: 44 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Mon Feb 9 21:46:43 2009
;; MSG SIZE rcvd: 508

I suppose this is what Windows does. Since the FritzBox routers are VERY popular in Germany and LOTS of people use googlemail, I consider this a quite severe problem (my mother wasn't able to send mails for a week ...). I'm not totally sure that libc6 is the right place for this, but since all programs (thunderbird, ...) are unable to connect to smtp.googlemail.com, and afaik dns calls are made via libc6, this bug goes to libc6. If another place is more appropriate, please let me know.

Revision history for this message
Pablo Marchant (pamarca) wrote :

I believe I have the same problem, but its not happening with smtp.google.com, but with www.google.com. I have this output for dig:

pablo@warifaifa:~$dig www.google.com
;; Truncated, retrying in TCP mode.
;; Connection to 192.168.0.1#53(192.168.0.1) for www.google.com failed: connection refused.

Adding the +ignore flag i get this:

pablo@warifaifa:~$ dig www.google.com +ignore

; <<>> DiG 9.5.1-P1 <<>> www.google.com +ignore
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65181
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 25, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 603325 IN CNAME www.l.google.com.
www.l.google.com. 25 IN A 190.45.0.37
www.l.google.com. 25 IN A 190.45.0.38
www.l.google.com. 25 IN A 190.45.0.39
www.l.google.com. 25 IN A 190.45.0.16
www.l.google.com. 25 IN A 190.45.0.17
www.l.google.com. 25 IN A 190.45.0.18
www.l.google.com. 25 IN A 190.45.0.19
www.l.google.com. 25 IN A 190.45.0.20
www.l.google.com. 25 IN A 190.45.0.21
www.l.google.com. 25 IN A 190.45.0.22
www.l.google.com. 25 IN A 190.45.0.23
www.l.google.com. 25 IN A 190.45.0.24
www.l.google.com. 25 IN A 190.45.0.25
www.l.google.com. 25 IN A 190.45.0.26
www.l.google.com. 25 IN A 190.45.0.27
www.l.google.com. 25 IN A 190.45.0.28
www.l.google.com. 25 IN A 190.45.0.29
www.l.google.com. 25 IN A 190.45.0.30
www.l.google.com. 25 IN A 190.45.0.31
www.l.google.com. 25 IN A 190.45.0.32
www.l.google.com. 25 IN A 190.45.0.33
www.l.google.com. 25 IN A 190.45.0.34
www.l.google.com. 25 IN A 190.45.0.35
www.l.google.com. 25 IN A 190.45.0.36

;; AUTHORITY SECTION:
l.google.com. 84925 IN NS b.l.google.com.
l.google.com. 84925 IN NS c.l.google.com.
l.google.com. 84925 IN NS d.l.google.com.
l.google.com. 84925 IN NS e.l.google.com.

;; Query time: 13 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Mar 16 01:24:56 2009
;; MSG SIZE rcvd: 500

Revision history for this message
Pablo Marchant (pamarca) wrote :

A workaround for this problem is to append the lines:

nameserver 208.67.222.222
nameserver 208.67.220.220

To your /etc/resolv.conf

These are the domain servers from the openDNS free dns servers

Revision history for this message
mrlika (mrlika-gmail) wrote :
Download full text (5.1 KiB)

I have same bug. All applications can not resolve some DNS names. only 'dig' with '+ignore' can resolve such DNS names:

$ dig vkontakte.ru
;; Truncated, retrying in TCP mode.
;; Connection to 10.10.10.2#53(10.10.10.2) for vkontakte.ru failed: connection refused.

$dig +ignore vkontakte.ru

; <<>> DiG 9.5.1-P2 <<>> +ignore vkontakte.ru
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52643
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 22, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;vkontakte.ru. IN A

;; ANSWER SECTION:
vkontakte.ru. 353 IN A 93.186.225.6
vkontakte.ru. 353 IN A 93.186.225.211
vkontakte.ru. 353 IN A 93.186.225.212
vkontakte.ru. 353 IN A 93.186.226.4
vkontakte.ru. 353 IN A 93.186.226.5
vkontakte.ru. 353 IN A 93.186.226.129
vkontakte.ru. 353 IN A 93.186.226.130
vkontakte.ru. 353 IN A 93.186.227.123
vkontakte.ru. 353 IN A 93.186.227.124
vkontakte.ru. 353 IN A 93.186.227.125
vkontakte.ru. 353 IN A 93.186.227.126
vkontakte.ru. 353 IN A 93.186.227.129
vkontakte.ru. 353 IN A 93.186.227.130
vkontakte.ru. 353 IN A 93.186.228.129
vkontakte.ru. 353 IN A 93.186.229.2
vkontakte.ru. 353 IN A 93.186.229.3
vkontakte.ru. 353 IN A 93.186.224.233
vkontakte.ru. 353 IN A 93.186.224.234
vkontakte.ru. 353 IN A 93.186.224.235
vkontakte.ru. 353 IN A 93.186.224.236
vkontakte.ru. 353 IN A 93.186.224.238
vkontakte.ru. 353 IN A 93.186.224.239

;; AUTHORITY SECTION:
. 294316 IN NS G.ROOT-SERVERS.NET.
. 294316 IN NS H.ROOT-SERVERS.NET.
. 294316 IN NS I.ROOT-SERVERS.NET.
. 294316 IN NS J.ROOT-SERVERS.NET.
. 294316 IN NS K.ROOT-SERVERS.NET.
. 294316 IN NS L.ROOT-SERVERS.NET.
. 294316 IN NS M.ROOT-SERVERS.NET.

;; Query time: 4 msec
;; SERVER: 10.10.10.2#53(10.10.10.2)
;; WHEN: Thu Oct 22 16:12:33 2009
;; MSG SIZE rcvd: 503

mrlika@mrlika-desktop:~$
mrlika@mrlika-desktop:~$
mrlika@mrlika-desktop:~$
mrlika@mrlika-desktop:~$
mrlika@mrlika-desktop:~$ dig vkontakte.ru
;; Truncated, retrying in TCP mode.
;; Connection to 10.10.10.2#53(10.10.10.2) for vkontakte.ru failed: connection refused.
^Cmrlika@mrlika-desktop:~$ dig +ignore vkontakte.ru

; <<>> DiG 9.5.1-P2 <<>> +ignore vkontakte.ru
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 241
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 22, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;vkontakte.ru. IN A

;; AN...

Read more...

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glibc (Ubuntu):
status: New → Confirmed
Revision history for this message
Arseny Klimovsky (arseny.klimovsky) wrote :

The same problem resolving host vk.com
DNS server is bind9 from Debian squeeze.
All configuration files are available to read and edit.

Some kind of similar issue, but is was fixed long ago https://bugzilla.redhat.com/show_bug.cgi?id=161181

Revision history for this message
Arseny Klimovsky (arseny.klimovsky) wrote :

Sorry, in my case it was an wrong firewall configuration

Revision history for this message
TJ (tj) wrote :

This can be caused by upstream resolvers using DNSSEC whilst the client doesn't. I've just dealt with a user facing this issue.

The solution was to use DNSSEC with dig:

dig +dnssec <host>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.