systemd-stable

backport zero TTL systemd-resolved fix to 252

Open benjaminp opened this issue 2 years ago • 1 comments

Please consider backporting https://github.com/systemd/systemd/pull/29307 to the 252 stable branch, so Debian stable can get the fix. Thank you.

benjaminp, Oct 21 '23 19:10

@poettering Any chance of getting this backported to 252/253/254? That would be great.

The reason I'm personally asking for this is that this also fixes https://github.com/systemd/systemd/issues/19394 and https://github.com/systemd/systemd/issues/22575#issuecomment-1086541502.

How so? systemd-resolved does two queries when resolving a name, for both the A and AAAA record. When doing this against a BIND RPZ which only has an A record for a name, the following happens: BIND always returns the RPZ SOA in the additional section. However, it returns the RPZ SOA with TTL 1 for the A record request, and TTL 0 for the AAAA request.

As such, the TTL zero/non-zero merging bug is triggered and systemd-resolved returns errno 22 / Lookup failed due to system error: Invalid argument.

Yannik, Nov 15 '23 21:11
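
A small check for the condition described in the comment above, as an added example that is not part of the original thread and not systemd code: it compares the records in two saved dig-style responses (one for A, one for AAAA) and reports any record that appears with TTL 0 in one and a non-zero TTL in the other. The zone names, addresses and SOA values are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed dig-style output (names, serial and addresses are made up).
A_RESPONSE = """\
;; ANSWER SECTION:
blocked.example.      5   IN  A    192.0.2.10
;; ADDITIONAL SECTION:
rpz.example.          1   IN  SOA  ns.rpz.example. admin.rpz.example. 42 3600 600 86400 60
"""
AAAA_RESPONSE = """\
;; ADDITIONAL SECTION:
rpz.example.          0   IN  SOA  ns.rpz.example. admin.rpz.example. 42 3600 600 86400 60
"""

# owner, TTL, class, type, rdata as printed in dig's presentation format
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+(IN)\s+(\S+)\s+(.*\S)\s*$")

def parse_rrs(text):
    """Yield (key, ttl) per record line; key = (owner, class, type, rdata)."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and dig's ';;' section headers
        m = RR_LINE.match(line)
        if m:
            owner, ttl, rclass, rtype, rdata = m.groups()
            key = (owner.lower(), rclass, rtype.upper(), " ".join(rdata.split()))
            yield key, int(ttl)

def mixed_ttl_records(*responses):
    """Return records seen with both a zero and a non-zero TTL across responses."""
    ttls = defaultdict(set)
    for text in responses:
        for key, ttl in parse_rrs(text):
            ttls[key].add(ttl)
    return {k: sorted(v) for k, v in ttls.items()
            if 0 in v and any(t > 0 for t in v)}

if __name__ == "__main__":
    hits = mixed_ttl_records(A_RESPONSE, AAAA_RESPONSE)
    for (owner, _, rtype, _), seen in hits.items():
        print(f"{owner} {rtype}: TTLs {seen} mix zero and non-zero")
```
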

@benjaminp As far as I can see, this can be closed since the backports have been done. It should be in systemd 252.24; Debian already has 252.26, so feel free to check if this works for you. For me all looks good on Fedora 39 / systemd 254.13.

Yannik, Jul 02 '24 21:07

Yeah, bookworm-updates has 254.14, which is good enough for me.

benjaminp, Jul 03 '24 15:07