← Back to team overview

touch-packages team mailing list archive

[Bug 1466608] [NEW] Unable to resolve domains with large EDNS0 replies

 

Public bug reported:

Not sure resolvconf is the correct place to report this bug, but I'm
unable to resolve domains with large EDNS0 replies.

A couple of examples are www.sciencedaily.com and www.ncbi.nlm.nih.gov.
Interestingly, they resolve when I use "dig <domain>", but if I enter a
URL with either of those domains in my browser (tried Chromium and
Firefox), then name resolution fails. Ping also fails with a name
resolution error message.

Here's an example:

$ dig www.ncbi.nlm.nih.gov

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ncbi.nlm.nih.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8409
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
;www.ncbi.nlm.nih.gov.		IN	A

;; ANSWER SECTION:
www.ncbi.nlm.nih.gov.	2358	IN	CNAME	www.wip.ncbi.nlm.nih.gov.
www.ncbi.nlm.nih.gov.	2358	IN	RRSIG	CNAME 7 5 86400 20151213102025 20150616102025 52670 ncbi.nlm.nih.gov. dZt9uuyLImbB23vdqcsSK+nWK77BREttiAP80Ovq2/xV48JsII3Uxzxc W8OkLmc5dSdPNkfwc6QFC/+wqe+4ORb1TC4Qxw5HQxo4nCindPFGZAgJ SEFcWRJ2HrU5BKz/MeVMALJ3YN6LSHIwkTIwJbKweTGLQTZPZTryp1M7 UQrqd0hs7tjjwVl/6zRIA5UGgFbdrLwX9jmh4ykBTqK8u0Rt/wrTeHbp UpVMxAUdUW1CJ7xAnn/k4td6zdx7Tm5+CkS99Qva0cPfSSo6Qh4Uplun LKwT9GR4zqBTQRjBWSTf2YdhrAU8oyh9WbQ66WHLYkC8Kp55iskL8E8p E5wOYA==
www.wip.ncbi.nlm.nih.gov. 30	IN	A	130.14.29.110
www.wip.ncbi.nlm.nih.gov. 30	IN	RRSIG	A 7 6 30 20150708223631 20150617223631 34334 wip.ncbi.nlm.nih.gov. aF9abjtGNMz+8NkcTGIY8GwjfZBCcL532B2sdJM891OAP2V9GwPCDGNY VzMPzZjMGN9qHsBgXuFY5jZQNWFvWfIQctTJEZTxClyJyFhe5JbyIspg NIO6ZXxjD3h7Ax/Sr5peyf8mfCU/8FZHPGJOhsNEFOwL3RjIddTK6Ibc PQ55CWOuVrvw26kKj9gxBG8r6iBcKe89xHQYPm1w+Osp8c2twGhqBmfd 7zcRxFLyF0BpY63kcQiF5lJ2fI31x+zCAROL9H3L1jm/K7aMAiO5kuWl DK57upsmtQNzjWX8coYpm7/3Gebfmpjx4BtC75L5IP/WfwVBfzHeRjAG KY/7aQ==

;; Query time: 132 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Jun 18 20:26:50 CEST 2015
;; MSG SIZE  rcvd: 699

$ ping www.ncbi.nlm.nih.gov
ping: unknown host www.ncbi.nlm.nih.gov

I also watched with tcpdump when trying to look up the domain
www.sciencedaily.com, and when I use dig I immediately get the reply,
but when trying with ping I don't get any reply, and it gives up after 4
queries are sent. Must have something to do with the DNS flags that are
set on the query in the different cases.

Here's a lookup with dig:

20:01:47.857269 IP 127.0.0.1.56927 > 127.0.1.1.53: 9907+ [1au] A? www.sciencedaily.com. (49)
20:01:47.869516 IP 127.0.1.1.53 > 127.0.0.1.56927: 9907 2/6/43 CNAME ed5n3.x.incapdns.net., A 149.126.72.70 (879)

and here's a name resolution triggered by running ping:

20:02:47.969527 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
20:02:52.974752 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
20:02:57.980296 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)
20:03:02.985493 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)

I've not experienced this before, though these aren't domains I commonly
visit. Is this a new issue?

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: resolvconf 1.69ubuntu1.1
ProcVersionSignature: Ubuntu 3.13.0-52.86-generic 3.13.11-ckt18
Uname: Linux 3.13.0-52-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Jun 18 20:23:19 2015
InstallationDate: Installed on 2014-10-19 (241 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
PackageArchitecture: all
SourcePackage: resolvconf
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: resolvconf (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1466608

Title:
  Unable to resolve domains with large EDNS0 replies

Status in resolvconf package in Ubuntu:
  New

Bug description:
  Not sure resolvconf is the correct place to report this bug, but I'm
  unable to resolve domains with large EDNS0 replies.

  A couple of examples are www.sciencedaily.com and
  www.ncbi.nlm.nih.gov. Interestingly, they resolve when I use "dig
  <domain>", but if I enter a URL with either of those domains in my
  browser (tried Chromium and Firefox), then name resolution fails. Ping
  also fails with a name resolution error message.

  Here's an example:

  $ dig www.ncbi.nlm.nih.gov

  ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ncbi.nlm.nih.gov
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8409
  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags: do; udp: 1280
  ;; QUESTION SECTION:
  ;www.ncbi.nlm.nih.gov.		IN	A

  ;; ANSWER SECTION:
  www.ncbi.nlm.nih.gov.	2358	IN	CNAME	www.wip.ncbi.nlm.nih.gov.
  www.ncbi.nlm.nih.gov.	2358	IN	RRSIG	CNAME 7 5 86400 20151213102025 20150616102025 52670 ncbi.nlm.nih.gov. dZt9uuyLImbB23vdqcsSK+nWK77BREttiAP80Ovq2/xV48JsII3Uxzxc W8OkLmc5dSdPNkfwc6QFC/+wqe+4ORb1TC4Qxw5HQxo4nCindPFGZAgJ SEFcWRJ2HrU5BKz/MeVMALJ3YN6LSHIwkTIwJbKweTGLQTZPZTryp1M7 UQrqd0hs7tjjwVl/6zRIA5UGgFbdrLwX9jmh4ykBTqK8u0Rt/wrTeHbp UpVMxAUdUW1CJ7xAnn/k4td6zdx7Tm5+CkS99Qva0cPfSSo6Qh4Uplun LKwT9GR4zqBTQRjBWSTf2YdhrAU8oyh9WbQ66WHLYkC8Kp55iskL8E8p E5wOYA==
  www.wip.ncbi.nlm.nih.gov. 30	IN	A	130.14.29.110
  www.wip.ncbi.nlm.nih.gov. 30	IN	RRSIG	A 7 6 30 20150708223631 20150617223631 34334 wip.ncbi.nlm.nih.gov. aF9abjtGNMz+8NkcTGIY8GwjfZBCcL532B2sdJM891OAP2V9GwPCDGNY VzMPzZjMGN9qHsBgXuFY5jZQNWFvWfIQctTJEZTxClyJyFhe5JbyIspg NIO6ZXxjD3h7Ax/Sr5peyf8mfCU/8FZHPGJOhsNEFOwL3RjIddTK6Ibc PQ55CWOuVrvw26kKj9gxBG8r6iBcKe89xHQYPm1w+Osp8c2twGhqBmfd 7zcRxFLyF0BpY63kcQiF5lJ2fI31x+zCAROL9H3L1jm/K7aMAiO5kuWl DK57upsmtQNzjWX8coYpm7/3Gebfmpjx4BtC75L5IP/WfwVBfzHeRjAG KY/7aQ==

  ;; Query time: 132 msec
  ;; SERVER: 127.0.1.1#53(127.0.1.1)
  ;; WHEN: Thu Jun 18 20:26:50 CEST 2015
  ;; MSG SIZE  rcvd: 699

  $ ping www.ncbi.nlm.nih.gov
  ping: unknown host www.ncbi.nlm.nih.gov

  I also watched with tcpdump when trying to look up the domain
  www.sciencedaily.com, and when I use dig I immediately get the reply,
  but when trying with ping I don't get any reply, and it gives up after
  4 queries are sent. Must have something to do with the DNS flags that
  are set on the query in the different cases.

  Here's a lookup with dig:

  20:01:47.857269 IP 127.0.0.1.56927 > 127.0.1.1.53: 9907+ [1au] A? www.sciencedaily.com. (49)
  20:01:47.869516 IP 127.0.1.1.53 > 127.0.0.1.56927: 9907 2/6/43 CNAME ed5n3.x.incapdns.net., A 149.126.72.70 (879)

  and here's a name resolution triggered by running ping:

  20:02:47.969527 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
  20:02:52.974752 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
  20:02:57.980296 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)
  20:03:02.985493 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)

  I've not experienced this before, though these aren't domains I
  commonly visit. Is this a new issue?

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: resolvconf 1.69ubuntu1.1
  ProcVersionSignature: Ubuntu 3.13.0-52.86-generic 3.13.11-ckt18
  Uname: Linux 3.13.0-52-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Jun 18 20:23:19 2015
  InstallationDate: Installed on 2014-10-19 (241 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  PackageArchitecture: all
  SourcePackage: resolvconf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1466608/+subscriptions


Follow ups

References