touch-packages team mailing list archive

Thread
Date
[Bug 1466608] Re: Unable to resolve domains with large EDNS0 replies

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Thomas Hood <1466608@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Jun 2015 21:27:49 -0000
Reply-to: Bug 1466608 <1466608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Hi. I don't see how resolvconf could be responsible for this problem.
Initial observation: it seems that dig gets the correct answer from
dnsmasq when it supplies the additional option udp:1280, but the glibc
resolver doesn't get the right answer from dnsmasq when it fails to
supply that option. Reassigning to dnsmasq.

** Package changed: resolvconf (Ubuntu) => dnsmasq (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1466608

Title:
  Unable to resolve domains with large EDNS0 replies

Status in dnsmasq package in Ubuntu:
  New

Bug description:
  Not sure resolvconf is the correct place to report this bug, but I'm
  unable to resolve domains with large EDNS0 replies.

  A couple of examples are www.sciencedaily.com and
  www.ncbi.nlm.nih.gov. Interestingly, they resolve when I use "dig
  <domain>", but if I enter a URL with either of those domains in my
  browser (tried Chromium and Firefox), then name resolution fails. Ping
  also fails with a name resolution error message.

  Here's an example:

  $ dig www.ncbi.nlm.nih.gov

  ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ncbi.nlm.nih.gov
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8409
  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags: do; udp: 1280
  ;; QUESTION SECTION:
  ;www.ncbi.nlm.nih.gov.		IN	A

  ;; ANSWER SECTION:
  www.ncbi.nlm.nih.gov.	2358	IN	CNAME	www.wip.ncbi.nlm.nih.gov.
  www.ncbi.nlm.nih.gov.	2358	IN	RRSIG	CNAME 7 5 86400 20151213102025 20150616102025 52670 ncbi.nlm.nih.gov. dZt9uuyLImbB23vdqcsSK+nWK77BREttiAP80Ovq2/xV48JsII3Uxzxc W8OkLmc5dSdPNkfwc6QFC/+wqe+4ORb1TC4Qxw5HQxo4nCindPFGZAgJ SEFcWRJ2HrU5BKz/MeVMALJ3YN6LSHIwkTIwJbKweTGLQTZPZTryp1M7 UQrqd0hs7tjjwVl/6zRIA5UGgFbdrLwX9jmh4ykBTqK8u0Rt/wrTeHbp UpVMxAUdUW1CJ7xAnn/k4td6zdx7Tm5+CkS99Qva0cPfSSo6Qh4Uplun LKwT9GR4zqBTQRjBWSTf2YdhrAU8oyh9WbQ66WHLYkC8Kp55iskL8E8p E5wOYA==
  www.wip.ncbi.nlm.nih.gov. 30	IN	A	130.14.29.110
  www.wip.ncbi.nlm.nih.gov. 30	IN	RRSIG	A 7 6 30 20150708223631 20150617223631 34334 wip.ncbi.nlm.nih.gov. aF9abjtGNMz+8NkcTGIY8GwjfZBCcL532B2sdJM891OAP2V9GwPCDGNY VzMPzZjMGN9qHsBgXuFY5jZQNWFvWfIQctTJEZTxClyJyFhe5JbyIspg NIO6ZXxjD3h7Ax/Sr5peyf8mfCU/8FZHPGJOhsNEFOwL3RjIddTK6Ibc PQ55CWOuVrvw26kKj9gxBG8r6iBcKe89xHQYPm1w+Osp8c2twGhqBmfd 7zcRxFLyF0BpY63kcQiF5lJ2fI31x+zCAROL9H3L1jm/K7aMAiO5kuWl DK57upsmtQNzjWX8coYpm7/3Gebfmpjx4BtC75L5IP/WfwVBfzHeRjAG KY/7aQ==

  ;; Query time: 132 msec
  ;; SERVER: 127.0.1.1#53(127.0.1.1)
  ;; WHEN: Thu Jun 18 20:26:50 CEST 2015
  ;; MSG SIZE  rcvd: 699

  $ ping www.ncbi.nlm.nih.gov
  ping: unknown host www.ncbi.nlm.nih.gov

  I also watched with tcpdump when trying to look up the domain
  www.sciencedaily.com, and when I use dig I immediately get the reply,
  but when trying with ping I don't get any reply, and it gives up after
  4 queries are sent. Must have something to do with the DNS flags that
  are set on the query in the different cases.

  Here's a lookup with dig:

  20:01:47.857269 IP 127.0.0.1.56927 > 127.0.1.1.53: 9907+ [1au] A? www.sciencedaily.com. (49)
  20:01:47.869516 IP 127.0.1.1.53 > 127.0.0.1.56927: 9907 2/6/43 CNAME ed5n3.x.incapdns.net., A 149.126.72.70 (879)

  and here's a name resolution triggered by running ping:

  20:02:47.969527 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
  20:02:52.974752 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38)
  20:02:57.980296 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)
  20:03:02.985493 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38)

  I've not experienced this before, though these aren't domains I
  commonly visit. Is this a new issue?

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: resolvconf 1.69ubuntu1.1
  ProcVersionSignature: Ubuntu 3.13.0-52.86-generic 3.13.11-ckt18
  Uname: Linux 3.13.0-52-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Jun 18 20:23:19 2015
  InstallationDate: Installed on 2014-10-19 (241 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  PackageArchitecture: all
  SourcePackage: resolvconf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466608/+subscriptions
References

[Bug 1466608] [NEW] Unable to resolve domains with large EDNS0 replies
From: Ketil, 2015-06-18