resolved fallback to TCP fails for truncated UDP replies
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| systemd (Ubuntu) | Status tracked in Focal | |||||
| | Bionic |
Undecided
|
Unassigned | |||
| | Disco |
Medium
|
Dan Streetman | |||
| | Eoan |
Medium
|
Dan Streetman | |||
| | Focal |
Medium
|
Dan Streetman | |||
Bug Description
[impact]
for DNS UDP replies larger than 512 bytes, fallback to TCP is used. For example 'host toomany.
Due to a bug in resolved in refcounting DNS stream types, the refcount underflows for type 0 streams (which resolved uses to talk to upstream nameservers), resulting in resolved being unable to fallback to TCP to handle truncated UDP replies.
[test case]
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.3-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2683
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Thu Oct 24 11:40:29 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
; <<>> DiG 9.11.3-
;; global options: +cmd
;; connection timed out; no servers could be reached
[regression potential]
very low, as this only properly sets the stream type in the DnsStream object; any regression would be a failure to be able to use TCP for DNS requests or replies.
[other info]
https:/
The commit adding stream types is not present in x/b, so this is needed only for disco and later.
Related branches
- Balint Reczey: Approve on 2019-10-25
-
Diff: 61 lines (+47/-0)2 files modifieddebian/patches/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch (+46/-0)
debian/patches/series (+1/-0)
| description: | updated |
| Changed in systemd (Ubuntu Disco): | |
| importance: | Undecided → Medium |
| Changed in systemd (Ubuntu Eoan): | |
| importance: | Undecided → Medium |
| Changed in systemd (Ubuntu Focal): | |
| importance: | Undecided → Medium |
| Changed in systemd (Ubuntu Disco): | |
| assignee: | nobody → Dan Streetman (ddstreet) |
| Changed in systemd (Ubuntu Eoan): | |
| assignee: | nobody → Dan Streetman (ddstreet) |
| status: | New → In Progress |
| Changed in systemd (Ubuntu Disco): | |
| status: | New → In Progress |
| Changed in systemd (Ubuntu Focal): | |
| assignee: | nobody → Dan Streetman (ddstreet) |
| status: | New → In Progress |
| tags: | added: ddstreet disco eoan focal sts systemd |
| Changed in systemd (Ubuntu Focal): | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #1 |
| Changed in systemd (Ubuntu Focal): | |
| status: | Fix Committed → Fix Released |
Hello Dan, or anyone else affected,
Accepted systemd into eoan-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Changed in systemd (Ubuntu Eoan): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed verification-needed-eoan |
All autopkgtests for the newly accepted systemd (242-7ubuntu3.2) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:
gvfs/1.
systemd/
ndctl/unknown (armhf)
casper/1.427 (amd64)
netplan.
munin/unknown (armhf)
linux-oem-
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
Hello Dan, or anyone else affected,
Accepted systemd into disco-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Changed in systemd (Ubuntu Disco): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed-disco |
All autopkgtests for the newly accepted systemd (240-6ubuntu5.8) for disco have finished running.
The following regressions have been reported in tests triggered by the package:
prometheus-
php7.2/
gvfs/1.
pdns-recursor/
webhook/unknown (armhf)
munin/2.
systemd/
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
| Dan Streetman (ddstreet) wrote : | #6 |
ubuntu@
ii systemd 242-7ubuntu3 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6516
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Wed Nov 13 21:59:23 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
; <<>> DiG 9.11.5-
;; global options: +cmd
;; connection timed out; no servers could be reached
ubuntu@
ubuntu@
ii systemd 242-7ubuntu3.2 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32883
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Wed Nov 13 22:02:04 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18427
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Wed Nov 13 22:02:08 UTC 2019
;; MSG SIZE rcvd: 678
| tags: |
added: verification-done verification-done-eoan removed: verification-needed verification-needed-eoan |
Hello Dan, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Changed in systemd (Ubuntu Bionic): | |
| status: | New → Fix Committed |
| tags: |
added: verification-needed verification-needed-bionic removed: verification-done |
| Dan Streetman (ddstreet) wrote : | #8 |
ubuntu@
ii systemd 240-6ubuntu5.7 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57225
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Thu Nov 14 15:15:13 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
; <<>> DiG 9.11.5-
;; global options: +cmd
;; connection timed out; no servers could be reached
ubuntu@
ii systemd 240-6ubuntu5.8 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26936
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Thu Nov 14 15:21:10 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.5-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57527
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Thu Nov 14 15:21:14 UTC 2019
;; MSG SIZE rcvd: 678
| tags: |
added: verification-done-disco removed: verification-needed-disco |
All autopkgtests for the newly accepted systemd (237-3ubuntu10.32) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:
gvfs/1.
linux/unknown (ppc64el)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
| Dan Streetman (ddstreet) wrote : | #10 |
bionic verification note: as mentioned in description, the commit introducing this wasn't present in bionic so this bug isn't reproducable with version 237-3ubuntu10.31; however that commit was added to version 237-3ubuntu10.32 in bug 1849733, so the verification here doesn't need to check version ..ubuntu10.31, it only needs to verify this bug wasn't introduced in version ..ubuntu10.32
ubuntu@
ii systemd 237-3ubuntu10.32 amd64 system and service manager
ubuntu@
Trying 10.254.201.100...
^C
ubuntu@
ii systemd 237-3ubuntu10.32 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.3-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6871
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Fri Nov 15 15:53:48 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.3-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46778
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Fri Nov 15 15:53:56 UTC 2019
;; MSG SIZE rcvd: 678
| Dan Streetman (ddstreet) wrote : | #11 |
oops, copied too much in the last comment; the first part of that is verification for bug 1849733 (which i pasted in there as well). After the ^C is verification for this bug.
| tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
Hello Dan, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| tags: |
added: verification-needed verification-needed-bionic removed: verification-done verification-done-bionic |
| Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/237-3ubuntu10.33) | #13 |
All autopkgtests for the newly accepted systemd (237-3ubuntu10.33) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:
gvfs/1.
dovecot/
umockdev/0.11.1-1 (ppc64el)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
| Dan Streetman (ddstreet) wrote : | #14 |
ubuntu@
ii systemd 237-3ubuntu10.33 amd64 system and service manager
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.3-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7057
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Wed Nov 20 07:10:36 UTC 2019
;; MSG SIZE rcvd: 678
ubuntu@
ubuntu@
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.3-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30342
;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;toomany.
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Wed Nov 20 07:10:49 UTC 2019
;; MSG SIZE rcvd: 678
| tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
| Launchpad Janitor (janitor) wrote : | #16 |
This bug was fixed in the package systemd - 242-7ubuntu3.2
---------------
systemd (242-7ubuntu3.2) eoan; urgency=medium
[ Dan Streetman ]
* d/extra/
- Replace use of bash-only &> with > and 2> (LP: #1849608)
* d/p/lp1849658-
- Fix bug in refcounting TCP stream types (LP: #1849658)
* d/extra/
[ Rafael David Tinoco ]
* Add support to KeepConfiguration= fixing behaviour for HA (LP: #1815101)
- d/p/lp1815101-
- d/p/lp1815101-
- d/p/lp1815101-
- d/p/lp1815101-
- d/p/lp1815101-
systemd (242-7ubuntu3.1) eoan; urgency=medium
[ Balint Reczey ]
* Fix shutdown and related actions from the login screen (LP: #1847896)
File: debian/
https:/
* debian/gbp.conf: Set debian-branch to ubuntu-eoan
File: debian/gbp.conf
https:/
[ Dan Streetman ]
* Fix bogus routes after DHCP lease change (LP: #1831787)
Files:
- debian/
- debian/
- debian/
- debian/
- debian/
https:/
* Set src address for dhcp 'classless' routes (LP: #1835581)
File: debian/
https:/
* Allows cache=no-negative option to be set, ignoring negative answers to
be cached (LP: #1668771)
File: debian/
https:/
-- Dan Streetman <email address hidden> Fri, 01 Nov 2019 16:33:08 -0400
| Changed in systemd (Ubuntu Eoan): | |
| status: | Fix Committed → Fix Released |
The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
| Launchpad Janitor (janitor) wrote : | #17 |
This bug was fixed in the package systemd - 240-6ubuntu5.8
---------------
systemd (240-6ubuntu5.8) disco; urgency=medium
[ Victor Tapia ]
* d/p/resolved_
Fix regression introduced by
resolved-
DNSSEC=yes (LP: #1796501)
[ Dan Streetman ]
* d/p/lp1840640-
allow sync_file_range2 in nspawn container (LP: #1840640)
* d/p/lp1847527-
do not request Content-Length if Transfer-Encoding is chunked
(LP: #1847527)
* d/t/storage: fix flaky test
(LP: #1847815)
* d/p/lp1843381-
debian/
fix rename delay for systems using "Dell MAC passthrough"
(LP: #1843381)
* d/p/lp1849733/
d/p/
ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
* d/p/lp1849658-
- Fix bug in refcounting TCP stream types (LP: #1849658)
* d/extra/
- only restart resolved if dhclient conf changed (LP: #1805183)
[ Balint Reczey ]
* d/p/test-
fix test breakage due to running in nested lxd container
(LP: #1845337)
-- Dan Streetman <email address hidden> Fri, 04 Oct 2019 09:06:58 -0400
| Changed in systemd (Ubuntu Disco): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #18 |
This bug was fixed in the package systemd - 237-3ubuntu10.33
---------------
systemd (237-3ubuntu10.33) bionic; urgency=medium
* d/p/lp1852754/
d/p/
d/p/
- Complete link setup after setting mtu (LP: #1852754)
systemd (237-3ubuntu10.32) bionic; urgency=medium
[ Victor Tapia ]
* d/p/resolved_
Fix regression introduced by
resolved-
DNSSEC=yes (LP: #1796501)
[ Dan Streetman ]
* d/p/fix-
- Fix typo in previous patch
* d/p/lp1840640-
- allow sync_file_range2 in nspawn container
(LP: #1840640)
* d/p/lp1783994-
- avoid systemd-
(LP: #1783994)
* d/p/lp1832672-
- do not fail entire file on error when parsing /etc/hosts
- parse # char anywhere in line as start of comment
(LP: #1832672)
* d/p/lp1843381-
debian/
- fix rename delay for systems using "Dell MAC passthrough"
(LP: #1843381)
* d/p/lp1849733/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
d/p/
- add TCP pipelining to handle getaddrinfo() fallback to TCP
- ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
* d/p/lp1849658-
- Fix bug in refcounting TCP stream types (LP: #1849658)
* d/p/lp1850704/
d/p/
- Fix setting mtu if interface already up (LP: #1850704)
* d/extra/
- only restart resolved if dhclient conf changed (LP: #1805183)
-- Dan Streetman <email address hidden> Fri, 15 Nov 2019 10:01:16 -0500
| Changed in systemd (Ubuntu Bionic): | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package systemd - 243-3ubuntu1
---------------
systemd (243-3ubuntu1) focal; urgency=medium
[ Dan Streetman ]
* Fix resolved fallback to TCP (LP: #1849658)
Author: Dan Streetman
File: debian/
https:/
* Separate stderr and stdout of /etc/dhcp/
(LP: #1849608)
Author: Dan Streetman
File: debian/
https:/
[ Balint Reczey ]
* Merge to Ubuntu from Debian experimental
* Refresh patches:
- Dropped changes:
* udevadm trigger: do not propagate EACCES and ENODEV.
File: debian/
https:/
* Pass personality test even when i386 userland runs on amd64 kernel
File: debian/
https:/
systemd (243-3) experimental; urgency=medium
* Import patches from v243-stable branch (up to ef677436aa)
-- Balint Reczey <email address hidden> Wed, 30 Oct 2019 15:19:33 +0100