hickory-dns icon indicating copy to clipboard operation
hickory-dns copied to clipboard

Published 20 hours ago verified publisher icon hickory-dns

resolve -s works, but ping fails

Open MarkSwanson opened this issue 3 years ago • 3 comments

Describe the bug trust-dns does not correctly support 'ping'.

To Reproduce

  1. configure trust-dns for zone i.mark1010.com @ IN SOA i.mark1010.com. root.i.mark1010.com. ( 199609204 ; Serial 28800 ; Refresh 7200 ; Retry 604800 ; Expire 86400) ; Minimum TTL

             NS      ns1
         MX      1 alias
         ANAME   linux

linux A 192.168.1.201 www CNAME linux ns1 CNAME linux

Note that i.mark1010.com has its own ns: $ dig @173.245.58.51 i.mark1010.com ns i.mark1010.com. 83276 IN NS 192.168.1.201.

$ strace -s 150 ping www.i.mark1010.com FAILS. strace relevant bits: connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 sendmmsg(5, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\347\1\1\0\0\1\0\0\0\0\0\0\3www\1i\10mark1010\3com\0\0\1\0\1", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=36}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\374\34\1\0\0\1\0\0\0\0\0\0\3www\1i\10mark1010\3com\0\0\34\0\1", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=36}], 2, MSG_NOSIGNAL) = 2 recvfrom(5, "\374\34\204\0\0\1\0\1\0\1\0\0\3www\1i\10mark1010\3com\0\0\34\0\1\3www\1i\10mark1010\3com\0\0\5\0\1\0\1Q\200\0\10\5linux\300(\300(\0\2\0\1\0\1Q\200\0\6\3ns1\300(", 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 92 recvfrom(5, "\347\1\204\0\0\1\0\1\0\1\0\1\3www\1i\10mark1010\3com\0\0\1\0\1\3www\1i\10mark1010\3com\0\0\5\0\1\0\1Q\200\0\10\5linux\300(\300(\0\2\0\1\0\1Q\200\0\6\3ns1\300(\300B\0\1\0\1\0\1Q\200\0\4\300\250\1\311", 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 108

trust-dns log: 1620231073.530222:INFO:trust_dns_server::server::server_future:594:request: 10517 type: Query op_code: Query dnssec: false name: www.i.mark1010.com. type: A class: IN 1620231073.530266:INFO:trust_dns_server::authority::catalog:407:request: 10517 found authority: i.mark1010.com. 1620231073.530273:INFO:trust_dns_server::server::response_handler:49:response: 7953 response_code: 0 1620231073.530329:INFO:trust_dns_server::server::response_handler:49:response: 10517 response_code: 0

Note that trust-dns resolver client works fine (dig resolves things fine too): $ resolve -s www.i.mark1010.com Querying for www.i.mark1010.com A from udp:127.0.0.1:53, tcp:127.0.0.1:53 Success for query name: www.i.mark1010.com type: A class: IN linux.i.mark1010.com. 86400 IN A 192.168.1.201

Expected behavior I expect ping to work.

System: ubuntu 20.04.2 rustc 1.53.0-nightly (42816d61e 2021-04-24)

Version: from git a couple of days ago. Also from trust-dns log: 1620231444.685286:INFO:named:349:Trust-DNS 0.20.1 starting

Additional context I'm not running dnsmasq, avahi or any other dns-related server.

Also, in case it helps I tried (failed) again with 'ping -4':

strace -s 150 ping -4 www.i.mark1010.com

connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 sendto(4, "\200\333\1\0\0\1\0\0\0\0\0\0\3www\1i\10mark1010\3com\0\0\1\0\1", 36, MSG_NOSIGNAL, NULL, 0) = 36 recvfrom(4, "\200\333\204\0\0\1\0\1\0\1\0\1\3www\1i\10mark1010\3com\0\0\1\0\1\3www\1i\10mark1010\3com\0\0\5\0\1\0\1Q\200\0\10\5linux\300(\300(\0\2\0\1\0\1Q\200\0\6\3ns1\300(\300B\0\1\0\1\0\1Q\200\0\4\300\250\1\311", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 108

Also, resolve (success) strace is:

strace -s 150 resolve -s www.i.mark1010.com

sendto(6, "\302\211\1\0\0\1\0\0\0\0\0\0\3www\1i\10mark1010\3com\0\0\1\0\1", 36, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 36 recvfrom(6, "\302\211\204\0\0\1\0\1\0\1\0\1\3www\1i\10mark1010\3com\0\0\1\0\1\3www\1i\10mark1010\3com\0\0\5\0\1\0\1Q\200\0\10\5linux\300(\300(\0\2\0\1\0\1Q\200\0\6\3ns1\300(\300B\0\1\0\1\0\1Q\200\0\4\300\250\1\311", 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 108

ping is making a 200\333 request, and resolve is making a 302\211 request?

Thought? Suggestions? Thanks!!!

MarkSwanson avatar May 05 '21 16:05 MarkSwanson

Also, /etc/nsswitch.conf: hosts: files dns

/etc/resolv.conf: nameserver 127.0.0.1

MarkSwanson avatar May 05 '21 16:05 MarkSwanson

Thanks for this report. I'll need to look at your report and decode some of what you've posted to try and understand what's going on here. I don't at the moment understand how ping operates differently in such a way as to dislike the responses from trust-dns.

bluejekyll avatar May 08 '21 20:05 bluejekyll

Thanks for looking into it. I found it odd the first few sendto bytes were different - recvfrom too. If I can format things better, or do different tests please let me know. I'm a little slow responding to email, but I'm happy to chat via discord if you want to debug/test a few things.

MarkSwanson avatar May 09 '21 15:05 MarkSwanson