Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <494ce727486f453d9732b7968b7510b4@CHBARSRV1EXCHP1.ANYACCESS.NET>
Date: Wed, 15 Mar 2017 16:58:54 +0000
From: <dominic.chambers@...ncore.com>
To: <musl@...ts.openwall.com>
Subject: RE: Queries with less than `ndots` dots never lead to
 resolution using the global namespace if the `search` domains don't work

HI Rich,

I've attached the results from running the following two commands:

  1. ` strace ./gai3a google.com 2> strace_of_google-com`
  2. ` strace ./gai3a google.com.default.svc 2> strace_of_google-com-default-svc`

Is this what you were looking for or can I provide something more useful?

Thanks again, Dominic.

-----Original Message-----
From: Rich Felker [mailto:dalias@...ifal.cx] On Behalf Of Rich Felker
Sent: 15 March 2017 16:11
To: musl@...ts.openwall.com
Subject: Re: [musl] Queries with less than `ndots` dots never lead to resolution using the global namespace if the `search` domains don't work

On Wed, Mar 15, 2017 at 12:58:02PM +0000, dominic.chambers@...ncore.com wrote:
> HI Rich,
> 
> Thanks for the prompt response here. Apologies for any confusion I may 
> have created, but I think the server is responding with an overall 
> `NXDOMAIN` response. This is what I get from running `dig
> google.com.default.svc.cluster.local`:
> 
> ```
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com.default.svc.cluster.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20863 ;; flags: 
> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;google.com.default.svc.cluster.local. IN A
> 
> ;; AUTHORITY SECTION:
> cluster.local.          60      IN      SOA     ns.dns.cluster.local. hostmaster
> .cluster.local. 1489579200 28800 7200 604800 60
> 
> ;; Query time: 0 msec
> ;; SERVER: 10.43.0.10#53(10.43.0.10)
> ;; WHEN: Wed Mar 15 12:49:14 UTC 2017
> ;; MSG SIZE  rcvd: 147
> ```
> 
> Although there's less information with nslookup, the response from 
> running `nslookup google.com.default.svc.cluster.local` seems even 
> more definitive:
> 
> ```
> Server:         10.43.0.10
> Address:        10.43.0.10#53
> 
> ** server can't find google.com.default.svc.cluster.local: NXDOMAIN 
> ```
> 
> Maybe I was just reading too much into the output from dig regarding 
> exactly what was being returned from the server. Any further thoughts?

Can you send an strace log of an affected lookup with musl's resolver (rather than dig/nslookup which use bind's resolver) for me to look at? Attached is source for a trivial sample utility to perform a lookup.

Rich
LEGAL DISCLAIMER. The contents of this electronic communication
and any attached documents are strictly confidential and they may not
be used or disclosed by someone who is not a named recipient.
If you have received this electronic communication in error please notify
the sender by replying to this electronic communication inserting the
word "misdirected" as the subject and delete this communication from
your system.

Download attachment "strace_of_google-com" of type "application/octet-stream" (5095 bytes)

Download attachment "strace_of_google-com-default-svc" of type "application/octet-stream" (5081 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.