resolved CNAME redirect issues

Bug #1921636 reported by imbezol on 2021-03-28
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd
Fix Released
Unknown
systemd (Ubuntu)
Undecided
Unassigned
Groovy
Undecided
Unassigned

Bug Description

I am having issues loading certain websites such as linkedin.com and portions of google sites including images.google.com, hotmail.com login, etc. After looking through some logs and such I've determined that resolved is not properly following CNAMEs to an IP address. Querying the DNS server on my network directly for the info works fine. Loading the sites from other computers on the network works fine.

In the #systemd IRC channel I was directed to the following two issues:
https://github.com/systemd/systemd/pull/18892
https://github.com/systemd/systemd/pull/19009

System info:
Ubuntu 20.10
ii systemd 246.6-1ubuntu1.2 amd64 system and service manager
ii linux-generic 5.8.0.48.53 amd64 Complete Generic Linux kernel and headers

Example:
[11:06:00]<root@castle:/var/log> host static-exp1.licdn.com
Host static-exp1.licdn.com not found: 2(SERVFAIL)
[11:06:17]<root@castle:/var/log> resolvectl status
Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNS Domain: rhos.bigfiber.net
                      bigfiber.net

Link 2 (enp6s0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (enp4s0f0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 10.18.1.1
         DNS Servers: 10.18.1.1
          DNS Domain: ~.
                      rhos.bigfiber.net
                      bigfiber.net

Link 4 (enp4s0f1)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
[11:06:26]<root@castle:/var/log> host static-exp1.licdn.com 10.18.1.1
Using domain server:
Name: 10.18.1.1
Address: 10.18.1.1#53
Aliases:

static-exp1.licdn.com is an alias for 2-01-2c3e-003d.cdx.cedexis.net.
2-01-2c3e-003d.cdx.cedexis.net is an alias for li-prod-static.azureedge.net.
li-prod-static.azureedge.net is an alias for li-prod-static.afd.azureedge.net.
li-prod-static.afd.azureedge.net is an alias for star-azureedge-prod.trafficmanager.net.
star-azureedge-prod.trafficmanager.net is an alias for dual.t-0009.t-msedge.net.
dual.t-0009.t-msedge.net is an alias for t-0009.t-msedge.net.
t-0009.t-msedge.net is an alias for Edge-Prod-WSTr3.ctrl.t-0009.t-msedge.net.
Edge-Prod-WSTr3.ctrl.t-0009.t-msedge.net is an alias for edge-prod-wstr3.ctrl.t-0001.trafficmanager.net.
edge-prod-wstr3.ctrl.t-0001.trafficmanager.net is an alias for standard.t-0009.t-msedge.net.
standard.t-0009.t-msedge.net has address 13.107.213.19
standard.t-0009.t-msedge.net has address 13.107.246.19
standard.t-0009.t-msedge.net has IPv6 address 2620:1ec:46::19
standard.t-0009.t-msedge.net has IPv6 address 2620:1ec:bdf::19

resolved debugging log is attached.

Revision history for this message
imbezol (travis-c) wrote :
Revision history for this message
Dan Streetman (ddstreet) wrote :

Quite a number of CNAME redirects you have there!

The resolved logs appear to be fine, e.g.:
Mar 28 11:30:27 castle systemd-resolved[73519]: Added positive unauthenticated cache entry for standard.t-0009.t-msedge.net IN A 30s on enp4s0f0/INET/10.18.1.1
Mar 28 11:30:27 castle systemd-resolved[73519]: Added positive unauthenticated cache entry for standard.t-0009.t-msedge.net IN A 30s on enp4s0f0/INET/10.18.1.1

And when I try to resolve your example hostname it only goes through 2 CNAMES:
$ host static-exp1.licdn.com
static-exp1.licdn.com is an alias for 2-01-2c3e-003d.cdx.cedexis.net.
2-01-2c3e-003d.cdx.cedexis.net is an alias for cs1404.wpc.epsiloncdn.net.
cs1404.wpc.epsiloncdn.net has address 152.199.24.163
cs1404.wpc.epsiloncdn.net has IPv6 address 2606:2800:21f:fedd:8b7a:88ab:fc7e:fa3b

Do you have a different example hostname that I can try to reproduce this with?

Changed in systemd (Ubuntu):
status: New → Incomplete
Changed in systemd (Ubuntu Groovy):
status: New → Incomplete
Changed in systemd:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.